A truststore file is a key database file that contains public
keys. The public key is stored as a signer certificate. The keys are used
for a variety of purposes, including authentication and data integrity.
Before you begin
In WebSphere Application Server, the way you add a truststore file to the
configuration differs between client and server. For the client, a truststore
file is added to a property file, such as the sas.client.props file.
For the server, a truststore file is added through the WebSphere Application
Server administrative console.
Before you add the truststore file to your
configuration, ask the following questions:
- If you configure for client authentication using a digital certificate,
has the public key of the client personal certificate been imported as a signer
certificate into the server truststore file?
- Does the truststore file contain all the required signer certificates
with respect to the keystore files of the target servers?
Procedure
- Add a truststore file to a client configuration by editing the sas.client.props file
and setting the following properties:
  - com.ibm.ssl.trustStoreType for the truststore format. Range: JKS
  (default), PKCS12, JCEK, JCERACFKS.
  - com.ibm.ssl.trustStore for a fully qualified path to the truststore file.
  The truststore file contains the public keys.
  - com.ibm.ssl.trustStorePassword for the password to access the truststore
  file.
- Add a truststore file to a server configuration:
  - Start the administrative console by specifying: http://server_host_name:port_number/ibm/console
  - Click Security > SSL.
  - Create a new Secure Sockets Layer (SSL) setting alias if one
  does not already exist.
  - Select the alias where the truststore file should be added.
  - Type the trust file name for the path of the truststore file.
  - Type the trust file password for the password to access the
  truststore file.
  - Select the trust file format for the truststore type: JKS (default),
  PKCS12, JCEK, or JCERACFKS (z/OS only).
  - Click OK and Save to save the configuration.
Results
The SSL configuration alias now contains a valid truststore file for
an SSL connection.
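The following check is an added example, not IBM code. It reads the three com.ibm.ssl.trustStore* properties from a client property file, opens the truststore, lists its signer certificates, and optionally confirms that a given signer certificate has been imported, which answers the questions under "Before you begin". The class name and command-line arguments are hypothetical. The example assumes the password is stored unencoded in the property file and that the JRE has a keystore provider for the configured truststore type.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Properties;

// Added example (hypothetical class name), not part of WebSphere.
// Usage: java TruststoreCheck <client-props-file> [expected-signer.cer]
public class TruststoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) throw new IllegalArgumentException("props file required");
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args[0])) { p.load(in); }
        String type = p.getProperty("com.ibm.ssl.trustStoreType", "JKS");
        String path = p.getProperty("com.ibm.ssl.trustStore");
        // Assumption: the password value is stored unencoded in the file.
        String pass = p.getProperty("com.ibm.ssl.trustStorePassword", "");
        if (path == null) throw new IllegalStateException("com.ibm.ssl.trustStore is not set");

        KeyStore ts = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, pass.toCharArray()); // throws on a wrong password or format
        }
        // Report each signer (trusted certificate) entry.
        for (String alias : Collections.list(ts.aliases())) {
            if (!ts.isCertificateEntry(alias)) continue; // skip private-key entries
            X509Certificate c = (X509Certificate) ts.getCertificate(alias);
            StringBuilder fp = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
                fp.append(String.format("%02X", b));
            System.out.printf("%s | %s | expires %s | SHA-256 %s%n",
                    alias, c.getSubjectX500Principal().getName(), c.getNotAfter(), fp);
        }
        // Optionally confirm that a specific signer certificate was imported.
        if (args.length > 1) {
            Certificate want;
            try (InputStream in = new FileInputStream(args[1])) {
                want = CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            String alias = ts.getCertificateAlias(want);
            System.out.println(alias != null ? "signer present as alias: " + alias
                                             : "signer NOT found in truststore");
            if (alias == null) System.exit(1);
        }
    }
}
```

Compare the printed SHA-256 fingerprints with values obtained from the certificate owners through a separate channel before relying on the truststore.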
Example
- SSL connection for Internet Inter-ORB Protocol (IIOP)
- SSL connection for Lightweight Directory Access Protocol (LDAP)
- SSL connection for Hypertext Transfer Protocol (HTTP)