A truststore file is a key database file that contains the public
keys for target servers. Each public key is stored as a signer certificate.
If the target uses a self-signed certificate, extract the public certificate
from the server keystore file and add it to the truststore file as a signer
certificate. If the target uses a certificate from a commercial certificate
authority (CA), add the CA root certificate. The truststore file can be a more
publicly accessible key database file that contains all the trusted certificates.
Procedure
- Start the key management utility (iKeyman), if it is not already running.
- Open a new key database file by clicking Key Database File >
New from the menu bar.
- Click the Key Database Type: JKS(Default),
PKCS12, JCEKS, JCERACFKS (z/OS only) or JCE4758RACFKS (z/OS only).
The key database type is the trust file format (or the value
of the com.ibm.ssl.trustStoreType property in the sas.client.props file)
when you configure the Secure Sockets Layer (SSL) setting for your application.
- Type in the file name and location. The full path of this key database
file is used as the trust file name (or the value of the com.ibm.ssl.trustStore
property in the sas.client.props file) when you configure the SSL setting
for your application.
- Click OK to continue.
- Type a password to restrict access to the file. This password is
used as the trust file password (or the value of the com.ibm.ssl.trustStorePassword
property in the sas.client.props file) when you configure the SSL
setting for your application. Do not set an expiration date on
the password or save the password to a file; otherwise, you must reset the
password when it expires or protect the password file. This password is used
only to release the information stored by the key management utility during runtime.
- Click OK to continue. The tool now displays all of the available
default signer certificates. These are the public keys of the most common
CAs. You can add, view or delete signer certificates from this screen.
Results
A new SSL truststore file is created.
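One way to check the resulting file from the command line, as an added example (not IBM's code): it loads a truststore through the same three properties the procedure names and confirms that every entry is a signer certificate that has not expired. The class name TruststoreAudit, the temporary file and the sample password are assumptions, and the sample truststore is constructed from the first three CA certificates in the JRE's default trust anchors.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

public class TruststoreAudit {
    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway JKS truststore seeded with
        // up to three CA certificates from this JRE's default trust anchors.
        char[] pw = "sample-password".toCharArray();
        Path file = Files.createTempFile("sampleTrust", ".jks");
        KeyStore seed = KeyStore.getInstance("JKS");
        seed.load(null, null); // start from an empty key database
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JRE default truststore
        X509Certificate[] cas =
            ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        for (int i = 0; i < Math.min(3, cas.length); i++)
            seed.setCertificateEntry("signer" + i, cas[i]);
        try (OutputStream out = Files.newOutputStream(file)) { seed.store(out, pw); }
        // The three values the procedure says go into sas.client.props.
        Properties props = new Properties();
        props.setProperty("com.ibm.ssl.trustStore", file.toString());
        props.setProperty("com.ibm.ssl.trustStoreType", "JKS");
        props.setProperty("com.ibm.ssl.trustStorePassword", new String(pw));
        System.out.println("problems found: " + audit(props));
        Files.deleteIfExists(file);
    }

    /** Loads the truststore named by the properties; returns the number of problems. */
    static int audit(Properties p) throws Exception {
        KeyStore ts = KeyStore.getInstance(p.getProperty("com.ibm.ssl.trustStoreType"));
        Path path = Paths.get(p.getProperty("com.ibm.ssl.trustStore"));
        try (InputStream in = Files.newInputStream(path)) {
            ts.load(in, p.getProperty("com.ibm.ssl.trustStorePassword").toCharArray());
        }
        int problems = 0;
        for (String alias : Collections.list(ts.aliases())) {
            if (!ts.isCertificateEntry(alias)) { // key entries do not belong in a truststore
                System.out.println("PROBLEM " + alias + ": not a signer certificate entry");
                problems++;
                continue;
            }
            X509Certificate c = (X509Certificate) ts.getCertificate(alias);
            boolean expired = c.getNotAfter().before(new Date());
            if (expired) problems++;
            System.out.println((expired ? "EXPIRED " : "OK      ") + alias + "  "
                + c.getSubjectX500Principal().getName() + "  notAfter=" + c.getNotAfter());
        }
        return problems;
    }
}
```

To audit a truststore created with iKeyman, pass `audit` the values you entered for the file path, key database type and password instead of the constructed sample.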
What to do next
Prepare truststore files for an SSL connection. Specify the truststore
file in the configuration of WebSphere Application Server. Create a keystore
file if one does not exist.