Trust anchor settings

Trust anchor settings

+
Search Tips | Advanced Search

Trust anchors point to keystores that contain trusted root or self-signed certificates. This information enables you to specify a name for the trust anchor and the information that is needed to access a keystore. The application binding uses this name to reference a predefined trust anchor definition in the binding file (or the default).
This admin console panel applies only to JAX-RPC applications.
To view this admin console page for trust anchors on the cell level...

Security | JAX-WS and JAX-RPC security runtime | Additional properties Trust anchors

To view this admin console page for trust anchors on the server level...

Servers | Server Types | WebSphere application servers | server_name | Security | JAX-WS and JAX-RPC security runtime | Additional properties | Trust anchors

To view this admin console page for trust anchors on the application level,

Applications | Application Types | WebSphere enterprise apps | application_name | Modules | Manage modules | URI_name

Under WS-Security Properties, we can access trust anchors information for the following bindings:

For the Response consumer (receiver) binding, click...
Web services: Client security bindings. Under Response consumer (receiver) binding | Edit custom

For the Request consumer (receiver) binding, click...
Web services: Server security bindings | Request consumer (receiver) binding | Edit custom

For WAS v5, under Additional properties, we can access the trust anchors information for the following bindings:

For the Response receiver binding click...
Web services: Client security bindings | Response receiver binding | Edit

For the Request receiver binding, click...
Web services: WAS security bindings | Request receiver binding | Edit

Under Additional properties, click Trust anchors.

Trust anchor name
WAS v5 and v6

Unique name used by the application binding to reference a predefined trust anchor definition in the default binding.

Key store configuration name

Name of the key store configuration defined in the keystore settings in secure communications.

Key store password
WAS v5

that is needed to access the key store file.

Key store path
WAS v5 and v6

Location of the keystore file.
Use ${USER_INSTALL_ROOT} as this path expands to the WAS path on the machine.

Key store type
WAS v5 and v6

Type of keystore file.
Choose from the following options:

JKS
WAS v5 and v6

Use this option if we are not using Java Cryptography Extensions (JCE).

JCEKS
WAS v5 and v6

Use this option if we are using Java Cryptography Extensions.

PKCS11KS (PKCS11)
WAS v6

Use this format if the keystore uses the PKCS#11 file format. Keystores that use this format might contain Rivest Shamir Adleman (RSA) keys on cryptographic hardware or might encrypt keys that use cryptographic hardware to ensure protection.

PKCS12KS (PKCS12)
WAS v6

Use this option if the keystore uses the PKCS#12 file format.

Default JKS
Range JKS, JCEKS, PKCS11KS (PKCS11), PKCS12KS (PKCS12)

Related tasks
Set trust anchors for the generator binding on the application level

Related
Trust anchor collection

Default	JKS
Range	JKS, JCEKS, PKCS11KS (PKCS11), PKCS12KS (PKCS12)