Trust anchor collection

To view a list of keystore objects that contain trusted root certificates. These objects are used for certificate path validation of incoming X.509-formatted security tokens. Keystore objects within trust anchors contain trusted root certificates that are used by the CertPath API to validate the trust of a certificate chain.

This admin console panel applies only to Java™ API for XML-based RPC (JAX-RPC) applications.

To create the keystore file, use the key tool that is located in...

install_dir\java\jre\bin\keytool

To view this admin console page for trust anchors on the cell level...

1. Click Security > JAX-WS and JAX-RPC security runtime.

2. Under Additional properties, click Trust anchors.

To view this admin console page for trust anchors on the server level...

1. Click Servers > Server Types > WebSphere application servers > server_name.

2. Under Security, click JAX-WS and JAX-RPC security runtime.

   In a mixed node cell with a server using Websphere Application Server version 6.1 or earlier, click Web services: Default bindings for WS-Security

3. Under Additional properties, click Trust anchors.

To view this admin console page for trust anchors on the application level,

1. Click Applications > Application Types > WebSphere enterprise apps > application_name.

2. Click Manage modules > URI_name.

3. Under WS-Security Properties, we can access trust anchors information for the following bindings:

   • For the Response consumer (receiver) binding, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom.

   • For the Request consumer (receiver) binding, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom.

4. Under Additional properties, we can access the trust anchors information for the following bindings:

   • For the Response receiver binding, click Web services: Client security bindings. Under Response receiver binding, click Edit.

   • For the Request receiver binding, click Web services: WAS security bindings. Under Request receiver binding, click Edit.

5. Under Additional properties, click Trust anchors.

If we click Update runtime, the WS-Security run time is updated with the default binding information, which is contained in the ws-security.xml file that was previously saved. If we make changes on this panel, complete the following steps:

1. Save the changes by clicking Save at the top of the admin console. When you click Save, we are returned to the admin console home panel.

2. Return to the Trust anchors collection panel and click Update runtime. When you click Update runtime, the configuration changes made to the other Web services also are updated in the WS-Security run time.

Trust anchor name

Unique name used to identify the trust anchor.

Key store path

Location of the keystore file that contains the trust anchors.

Key store type

Type of keystore file.

The value for this field is JKS, JCEKS, JCERACFKS (z/OS only), JCE4758RACFKS (z/OS only), PKCS11KS (PKCS11), or PKCS12KS (PKCS12).

---

 

Related tasks

Set trust anchors for the generator binding on the application level

 

Related

Trust anchor settings