Adding truststore files

A truststore file is a key database file that contains public keys. The public key is stored as a signer certificate. The keys are used for a variety of purposes, including authentication and data integrity.

Before you begin

In WebSphere Application Server, the way you add a truststore file to the configuration differs between client and server. For the client, the truststore file is specified in a property file, such as the sas.client.props file. For the server, the truststore file is added through the WebSphere Application Server administrative console.

Before you add the truststore file to your configuration, ask the following questions:

Procedure

  1. Add a truststore file to a client configuration by editing the sas.client.props file and setting the following properties:
    • com.ibm.ssl.trustStoreType for the truststore format. Range: JKS (default), PKCS12, JCEK, JCERACFKS.

      [z/OS] The type JCERACFKS must be used if you have a SAF key ring as the trust store.

    • [z/OS] com.ibm.ssl.trustStore for the name of the SAF key ring that you want Java Secure Socket Extension (JSSE) to use. Specify safkeyring:///your_keyring_name.
    • [AIX HP-UX Linux Solaris Windows] com.ibm.ssl.trustStore for a fully qualified path to the truststore file. The truststore file contains the public keys.
    • com.ibm.ssl.trustStorePassword for the password to access the truststore file.

      [z/OS] Set the com.ibm.ssl.trustStorePassword property to password if you are using a SAF key ring as the trust store. Please note that for the com.ibm.ssl.trustStorePassword property, password is not an actual password used to access the key ring, but a dummy value used by the dialog.

  2. Add a truststore file to a server configuration:
    1. Start the administrative console by specifying: http://server_host_name:port_number/ibm/console
    2. Click Security > SSL.
    3. Create a new Secure Sockets Layer (SSL) setting alias if one does not already exist.
    4. Select the alias where the truststore file should be added.
    5. Type the trust file name for the path of the truststore file. Type safkeyring:///your_keyring_name if you are using a SAF key ring for the trust store.
    6. Type the trust file password for the password to access the truststore file. Type password if you are using a SAF key ring for the trust store.
    7. Select the trust file format for the truststore type. The options are JKS (default), PKCS12, JCEK, or JCERACFKS (z/OS only).
    8. Click OK and Save to save the configuration.

Results

The SSL configuration alias now contains a valid truststore file for an SSL connection.

Example
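
The following is an added example, not part of the original IBM topic: a small Python check that reads the three client properties from step 1 and reports settings that contradict the rules stated there (documented type range, JCERACFKS and the dummy value password for a SAF key ring, a fully qualified path otherwise). The function names, sample paths, key ring name and passwords are assumptions made for illustration, and the reader handles only plain key=value lines.

```python
import ntpath
import posixpath

PREFIX = "com.ibm.ssl."
ALLOWED_TYPES = {"JKS", "PKCS12", "JCEK", "JCERACFKS"}  # range listed on this page
SAF_SCHEME = "safkeyring:///"


def parse_props(text):
    """Minimal key=value reader (a simplification of the Java properties format)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def check_truststore(props):
    """Return findings; an empty list means the settings match the rules above."""
    findings = []
    store = props.get(PREFIX + "trustStore", "")
    kind = props.get(PREFIX + "trustStoreType", "JKS")  # JKS is the default
    password = props.get(PREFIX + "trustStorePassword", "")
    if kind not in ALLOWED_TYPES:
        findings.append("trustStoreType is outside the documented range")
    if not store:
        findings.append("trustStore is not set")
    elif store.startswith(SAF_SCHEME):  # z/OS SAF key ring
        if kind != "JCERACFKS":
            findings.append("SAF key ring requires trustStoreType JCERACFKS")
        if password != "password":
            findings.append("SAF key ring expects the dummy value 'password'")
    else:  # truststore file on disk
        if not (posixpath.isabs(store) or ntpath.isabs(store)):
            findings.append("trustStore must be a fully qualified path")
        if not password:
            findings.append("trustStorePassword is not set")
    return findings


# Constructed sample inputs (paths, ring name and password are made up).
SAMPLE_FILE = "com.ibm.ssl.trustStore=/opt/example/trust.jks\ncom.ibm.ssl.trustStorePassword=example-pass\n"
SAMPLE_SAF = "com.ibm.ssl.trustStore=safkeyring:///ExampleRing\ncom.ibm.ssl.trustStoreType=JKS\ncom.ibm.ssl.trustStorePassword=secret\n"

if __name__ == "__main__":
    for name, text in (("file", SAMPLE_FILE), ("saf", SAMPLE_SAF)):
        print(name, check_truststore(parse_props(text)) or "OK")
```

The first sample passes; the second is flagged twice because it names a SAF key ring but keeps the JKS type and a real-looking password.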





Last updated: Aug 29, 2010 10:43:27 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v602web&product=was-nd-mp&topic=tsecaddtrust
File name: tsec_addtrust.html