Adding keystore files

A keystore contains both public keys and private keys. Public keys are stored as signer certificates, while private keys are stored as personal certificates. In WebSphere Application Server, the way you add keystore files to the configuration differs between client and server. For the client, the keystore file is specified in a properties file, such as the sas.client.props file. For the server, the keystore file is added through the WebSphere Application Server administrative console.

Before you begin

Before you add the keystore file to your configuration, consider the following questions:

Procedure

  1. [Version 6.0.2] Add a keystore file into a client configuration by editing the sas.client.props file and by setting the following properties:
    • com.ibm.ssl.keyStoreType for the keystore format. Range: JKS (default), PKCS12, JCEK.

      Additionally, JCERACFKS and JCE4758RACFKS are available for z/OS platforms. One of these types must be used for a SAF key ring.

    • com.ibm.ssl.keyStore for a fully qualified path to the keystore file. The keystore file contains private keys and sometimes also contains public keys.

      For SAF key rings, set com.ibm.ssl.keyStore to safkeyring:///your_keyring_name.

    • com.ibm.ssl.keyStorePassword for the password to access the keystore file.

      For SAF key rings, set the com.ibm.ssl.keyStorePassword property to password, and set the com.ibm.ssl.keyStoreType property to JCERACFKS. Please note that for the com.ibm.ssl.keyStorePassword property, password is not an actual password used to access the key ring, but a dummy value used by the dialog.

  2. Add a keystore file into a server configuration:
    1. Start the administrative console by specifying: http://server_hostname:port_number/ibm/console.
    2. Optional: Click New SSL repertoire to create a new Secure Sockets Layer (SSL) setting alias if one does not exist or click New JSSE repertoire to create a new Java Secure Sockets Extension (JSSE) repertoire.
    3. Select the alias where the keystore file should be added.
    4. Type the key file name for the path of the keystore file.

      Type safkeyring:///your_keyring_name if you want to use certificates and keys that are contained in a SAF key ring.

    5. Type the key file password for the password to access the keystore file.

      Type password if you are using a SAF key ring.

    6. Select the key file format for the keystore type. Range: JKS (default), PKCS12, JCEK or JCERACFKS (z/OS only).
    7. Click OK and Save to save the configuration.

Results

The SSL configuration alias now has a valid keystore file for an SSL connection.

Example
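
The following validator is an added example, not part of the IBM documentation. It checks the three client properties from step 1 against the rules stated in the procedure; the function names and the sample property text are constructed for illustration, and it assumes plain key=value lines in the properties file.

```python
import ntpath
import posixpath

PFX = "com.ibm.ssl."
FILE_TYPES = {"JKS", "PKCS12", "JCEK"}       # range the page gives for keystore files
SAF_TYPES = {"JCERACFKS", "JCE4758RACFKS"}   # z/OS types the page gives for SAF key rings
SAF_PREFIX = "safkeyring:///"

def parse_props(text):
    """Parse plain key=value lines; continuations and escapes are not handled."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_keystore(props):
    """Return findings as strings; an empty list means the three settings agree."""
    findings = []
    ktype = props.get(PFX + "keyStoreType", "JKS")   # JKS is the stated default
    store = props.get(PFX + "keyStore", "")
    pwd = props.get(PFX + "keyStorePassword", "")    # never echoed in findings
    if ktype not in FILE_TYPES | SAF_TYPES:
        findings.append(f"unknown keyStoreType {ktype!r}")
    if store.startswith(SAF_PREFIX):
        if ktype not in SAF_TYPES:
            findings.append(f"SAF key ring needs a SAF keystore type, got {ktype!r}")
        if pwd != "password":
            findings.append("SAF key ring expects the placeholder value 'password'")
    else:
        if ktype in SAF_TYPES:
            findings.append(f"{ktype} requires a {SAF_PREFIX} location")
        if not (posixpath.isabs(store) or ntpath.isabs(store)):
            findings.append(f"keyStore is not a fully qualified path: {store!r}")
        if not pwd:
            findings.append("keyStorePassword is missing")
    return findings

# Constructed sample inputs, not taken from the product documentation.
SAF_OK = ("com.ibm.ssl.keyStoreType=JCERACFKS\n"
          "com.ibm.ssl.keyStore=safkeyring:///your_keyring_name\n"
          "com.ibm.ssl.keyStorePassword=password\n")
SAF_BAD = ("# key ring location, but keyStoreType left at its default\n"
           "com.ibm.ssl.keyStore=safkeyring:///your_keyring_name\n"
           "com.ibm.ssl.keyStorePassword=password\n")

if __name__ == "__main__":
    print([check_keystore(parse_props(t)) for t in (SAF_OK, SAF_BAD)])
```

The second sample shows the failure the procedure warns about: a SAF key ring location combined with the default JKS type.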





Last updated: Sep 20, 2010 10:03:57 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-zos&topic=tsecaddkeys
File name: tsec_addkeys.html