Add a truststore file to your configuration
A truststore file is a key database file that contains public keys. Each public key is stored as a signer certificate. The keys are used for a variety of purposes, including authentication and data integrity. In WebSphere Application Server, the way you add a truststore file to the configuration differs between client and server. For the client, a truststore file is added to a property file, such as sas.client.props. For the server, a truststore file is added through the WebSphere Application Server administrative console.
Before you add the truststore file to your configuration, consider the following questions:
- If you configure for client authentication using a digital certificate, has the public key of the client personal certificate been imported as a signer certificate into the server truststore file?
- Does the truststore file contain all the required signer certificates with respect to the keystore files of the target servers?
To add a truststore file, perform these steps:
- Add a truststore file into your client configuration.
- Add a truststore file into your server configuration.
Add a truststore file into your client configuration
Add a truststore file into a client configuration by editing the sas.client.props file. (A copy of the file is located in the /QIBM/UserData/WebAS5/product/instance/properties directory, where product is either Base or ND, and instance is the name of your server instance.)
Set the following properties in the sas.client.props file:
- For the com.ibm.ssl.trustStoreType property, specify the truststore format. Accepted values are JKS (default), PKCS12KS, or JCEK.
- For the com.ibm.ssl.trustStore property, specify the fully qualified path to the truststore file. The truststore file contains the public keys.
- For the com.ibm.ssl.trustStorePassword property, specify the password to access the truststore file.
Save the file.
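The following added example (not IBM-supplied code) reads the three properties above from sas.client.props, opens the truststore they point to, and lists each signer certificate with its validity, which helps answer whether the required signers are present. It assumes a current JDK, that com.ibm.ssl.trustStorePassword holds the cleartext password, and, as a fallback on a JDK without the IBM provider, that PKCS12KS and JCEK correspond to the standard PKCS12 and JCEKS types; the class name TrustStoreCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Properties;

// Added example: list the signer certificates in the truststore named by sas.client.props.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) throw new IllegalArgumentException("usage: TrustStoreCheck <sas.client.props>");
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            p.load(in);
        }
        String type = p.getProperty("com.ibm.ssl.trustStoreType", "JKS").trim();
        String path = p.getProperty("com.ibm.ssl.trustStore");
        String pass = p.getProperty("com.ibm.ssl.trustStorePassword", "");
        if (path == null) throw new IllegalStateException("com.ibm.ssl.trustStore is not set");
        KeyStore ks;
        try {
            ks = KeyStore.getInstance(type); // try the configured name first
        } catch (KeyStoreException e) {
            // Assumption: without the IBM provider, fall back to the standard type names.
            ks = KeyStore.getInstance(type.equals("PKCS12KS") ? "PKCS12"
                    : type.equals("JCEK") ? "JCEKS" : type);
        }
        try (InputStream in = new FileInputStream(path.trim())) {
            ks.load(in, pass.toCharArray()); // IOException if the password is wrong or the file is corrupt
        }
        int signers = 0;
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue; // skip personal (private key) entries
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) ks.getCertificate(alias);
            boolean valid = !now.before(x.getNotBefore()) && !now.after(x.getNotAfter());
            System.out.printf("%s | %s | notAfter=%s | %s%n", alias,
                    x.getSubjectX500Principal().getName(), x.getNotAfter(),
                    valid ? "valid" : "OUTSIDE VALIDITY PERIOD");
            signers++;
        }
        if (signers == 0) {
            System.err.println("No signer certificates found in " + path);
            System.exit(1);
        }
    }
}
```

Compare the listed subjects with the issuers of the personal certificates in the target servers' keystore files; a signer that is missing or outside its validity period will cause the SSL handshake to fail.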
Add a truststore file into your server configuration
To add a truststore file to your server instance configuration, perform the following steps in the WebSphere administrative console:
- In the navigation menu, expand Security and click SSL.
- Create a new Secure Sockets Layer (SSL) setting alias if one does not exist.
- Select the alias to which you want to add the truststore file.
- In the Trust File Name field, enter the path of the truststore file.
- In the Trust File Password field, enter the password to access the truststore file.
- In the Trust File Format field, select the truststore type: JKS (Default), PKCS12KS, or JCEK.
- Click OK.
- Click Save to save the configuration.
The SSL configuration alias now contains a valid truststore file for an SSL connection.