Web Services - Trust anchor configuration settings
Use this information to configure a trust anchor. Trust anchors point to keystores that contain trusted root or self-signed certificates. This information enables you to specify a name for the trust anchor and the information that is needed to access a keystore. The application binding uses this name to reference a predefined trust anchor definition in the binding file (or the default).
To view this administrative console page for trust anchors on the cell level, complete the following steps:
- Click...
Security | Web services | Trust anchors- Click New to create a trust anchor or click the name of an existing configuration to modify its settings.
To view this administrative console page for trust anchors on the server level...
- Click...
Servers | Application servers | servername | Security | Web services: Default bindings for Web services security | Additional properties | Trust anchors- Click New to create a trust anchor or click the name of an existing configuration to modify its settings.
To view this administrative console page for trust anchors on the application level,
- Click...
Applications | Enterprise applications | appname | EJB modules or Web modules | URI_name- Under Additional properties, one can access trust anchors information for the following bindings:
- For the Response consumer (receiver) binding, click...
Web services: Client security bindings | Response consumer (receiver) binding | Edit custom- For the Request consumer (receiver) binding, click...
Web services: Server security bindings | Request consumer (receiver) binding | Edit custom
- Under Additional properties, one can access the trust anchors information for the following bindings:
- For the Response receiver binding, click...
Web services: Server security bindings | Response receiver binding | Edit- For the Request receiver binding, click...
Web services: Server security bindings | Request receiver binding | Edit
- Under Additional properties, click Trust anchors.
- Click New to create a trust anchor or click the name of an existing configuration to modify its settings.
- Trust anchor name
Specifies the unique name that is used by the application binding to reference a predefined trust anchor definition in the default binding.
- Key store password
Specifies the password that is needed to access the key store file.
- Key store path
Specifies the location of the keystore file.
Use ${USER_INSTALL_ROOT} as this path expands to the WebSphere Application Server path on your machine.
- Key store type
Specifies the type of keystore file.
Choose from the following options:
- JKS
- Use this option if you are not using Java Cryptography Extensions (JCE).
- JCEKS
- Use this option if you are using Java Cryptography Extensions.
- PKCS11KS (PKCS11)
- Use this format if your keystore uses the PKCS#11 file format. Keystores that use this format might contain Rivest Shamir Adleman (RSA) keys on cryptographic hardware or might encrypt keys that use cryptographic hardware to ensure protection.
- PKCS12KS (PKCS12)
- Use this option if your keystore uses the PKCS#12 file format.
Default JKS Range JKS, JCEKS, PKCS11KS (PKCS11), PKCS12KS (PKCS12)