Collection certificate store settings

To specify the name and the provider for a collection certificate store. A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs is used to check the signature of a digitally signed SOAP message.

To view the admin console panel for the collection certificate store on the cell level...

1. Click Security > JAX-WS and JAX-RPC security runtime.

2. Under Additional properties, click Collection certificate store.

3. Specify a new collection certificate store by clicking New or click the collection certificate store name to modify its settings.

To view the admin console panel for the collection certificate store on the server level...

1. Click Servers > Server Types > WebSphere application servers > server_name.

2. Under Security, click JAX-WS and JAX-RPC security runtime.

   In a mixed node cell with a server using Websphere Application Server version 6.1 or earlier, click Web services: Default bindings for WS-Security

3. Under Additional properties, click Collection certificate store.

4. Specify a new collection certificate store by clicking New or by clicking the collection certificate store name to modify its settings.

To view this admin console page for the collection certificate store on the application level...

1. Click Applications > Application Types > WebSphere enterprise appsapplication_name.

2. Under Modules, click Manage modules > URI_name.

3. Under WS-Security Properties, we can access collection certificate stores for the following bindings:

   • For the Request generator, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom > Collection certificate store.

   • For the Request consumer, click Web services: WAS security bindings. Under Request consumer (receiver) binding, click Edit custom > Collection certificate store.

   • For the Response generator, click Web services: WAS security bindings. Under Response generator (sender) binding, click Edit custom > Collection certificate store.

   • For the Response consumer, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom > Collection certificate store.

4. Under Additional properties, we can access collection certificate stores for the following bindings:

   • For the Request receiver binding click Edit > Collection certificate store.

   • For the Response receiver binding, click Edit > Collection certificate store.

5. Specify a new collection certificate store by clicking New or by clicking the collection certificate store name to modify its settings.

After configuring a collection certificate store, we can select the new configuration under Certificate store on the token generator and token consumer panels. To access these panels...

1. Click Security > JAX-WS and JAX-RPC security runtime.

2. Under JAX-RPC Default Generator Bindings, click Token generators or under JAX-RPC Default Consumer Bindings, click Token consumers.

3. Click New to create a new token generator or token consumer, or click the name of an existing configuration to make modifications.

After you configure the collection certificate store on this panel, click Apply before configuring either the certificate revocation list or an X.509 certificate. The certificate revocation list configuration is not available for version 5.x applications through the admin console. After you configure the certificate revocation list or X.509 certificate...

1. Click Save, at the top of the admin console panel, which returns you to the list of the configured collection certificate stores.

2. Click Update runtime to update the WS-Security run time with the default binding information, which is found in the ws_security.xml file.

Certificate store name

Name for the certificate store.

The name of the collection certificate store must be unique in the scope. For example, the name must be unique at the server level. The name specified in Certificate store name field is used by other configurations to refer to a pre-defined collection certificate store. For example, the application binding refers to a collection certificate store that is defined on the server level. The appserver looks up the collection certificate store based on proximity. For example, if cert1 is defined as the name of the certificate store on the cell and server levels and cert1 is referenced in the application binding, the appserver uses the server-level collection certificate store.

Certificate Store Provider

Provider for the certificate store implementation.

This product supports the IBMCertPath certificate path provider. If we need to use another certificate path provider, define the provider implementation in the provider list within the java.security file in the SDK.

Data type	String
Default	IBMCertPath

---

 

Related tasks

Set the collection certificate store for the generator binding on the application level

 

Related

Collection certificate store collection
X.509 certificates collection
X.509 certificate settings
Certificate revocation list collection
Certificate revocation list settings