A Secure Sockets Layer (SSL) configuration references keystore
configurations during WebSphere Application Server runtime. Whether
a keystore file was created by another keystore tool or saved from
a previous configuration, the file must be part of a keystore configuration
object. You can create a keystore configuration for the existing keystore
object.
Before you begin
A keystore must already exist.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management
> Manage endpoint security configurations > {Inbound | Outbound}.
- Under Related Items, click Key stores and certificates,
then click New.
- Type a name in the Name field. This name
uniquely identifies the keystore in the configuration.
- Type the location of the keystore file in the Path field.
The location can be a file name or a file URL to an existing
keystore file.
Type the keystore password in the Password field.
This password is for the keystore file that you specified in
the Path field.
Type the keystore password in
the Password field. This password
is for the keystore file that you specified in the Path field.
To
be compatible with the JCE keystore in requiring a password, the JCERACFKS
password is password. Security for this keystore
is not really protected using a password as other keystore types,
but rather it is based on the identity of the executing thread for
protection with RACF.
![[Updated in March 2011]](../../deltaend.gif)
mar2011
- Type the keystore password again in the Confirm Password field
to confirm the password.
- Select a keystore type from the list. The type
that you select is for the keystore file that you specified in the Path field.
- Select any of the following optional selections:
- The Read only selection creates a keystore configuration
object but does not create a keystore file. If this option is selected,
the keystore file that you specified in the Path field must
already exist.
- The Initialize at startup selection initializes the
keystore during runtime.
- Click Apply and Save.
Results
You have created a keystore configuration object for the keystore
file that you specified. This keystore can now be used in an SSL
configuration.
Note: You also can use this method to
add a z/OS keyring file to the configuration. The keyring file must
be read only, not file-based.
What to do next
You can create additional keystore configurations, as needed.