A collection certificate store is
a collection of non-root, certificate authority (CA) certificates and certificate
revocation lists (CRLs). This collection of CA certificates and CRLs is used
to check the signature of a digitally signed SOAP message.
Important: There is an important distinction between Version 5.x and
Version 6.0.x applications. The information in this article supports
only Version 5.x applications that are used with WebSphere® Application
Server Version 6.0.x and later. The information does not apply to Version
6.0.x applications.
The collection certificate stores are used when processing a received SOAP
message. This collection is configured in the securityRequestReceiverBindingConfig
section of the binding file for servers and in the securityResponseReceiverBindingConfig
section of the binding file for clients.
A collection certificate store is one kind of certificate store. A certificate
store is defined as java.security.cert.CertStore in the Java
CertPath application programming interface (API). The Java
CertPath API defines the following types of certificate
stores:
- Collection certificate store: A collection certificate store accepts the
  certificates and CRLs as Java collection objects.
- Lightweight Directory Access Protocol certificate store: The Lightweight
  Directory Access Protocol (LDAP) certificate store accepts certificates and
  CRLs as LDAP entries.
The CertPath API uses the certificate store and the trust anchor to validate
the incoming X.509 certificate that is embedded in the SOAP message.
The Web services security implementation in the WebSphere Application Server supports
the collection certificate store. Each certificate and CRL is passed as an
encoded file. This configuration is done either in the administrative console
or by scripting.
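The following sketch shows how the Java CertPath API combines a collection certificate store with a trust anchor to validate a signer certificate. It is an added example, not WebSphere or IBM code; the class name, the file arguments, and the convention that CRL files end in .crl are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;
// Usage (placeholder file names): java CollectionStoreCheck root.cer signer.cer ca.cer ca.crl
public class CollectionStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: CollectionStoreCheck <root> <signer> [<ca-cert> | <file>.crl ...]");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate root = (X509Certificate) load(cf, args[0], false);
        X509Certificate signer = (X509Certificate) load(cf, args[1], false);

        // Non-root CA certificates and CRLs are handed over as one Java collection.
        List<Object> entries = new ArrayList<>();
        entries.add(signer); // lets the path builder find the target certificate
        boolean haveCrl = false;
        for (int i = 2; i < args.length; i++) {
            boolean isCrl = args[i].endsWith(".crl"); // assumed naming convention
            entries.add(load(cf, args[i], isCrl));
            haveCrl |= isCrl;
        }
        CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(entries));

        X509CertSelector target = new X509CertSelector();
        target.setCertificate(signer);
        // The root is not in the store; it is supplied separately as the trust anchor.
        PKIXBuilderParameters params = new PKIXBuilderParameters(
                Collections.singleton(new TrustAnchor(root, null)), target);
        params.addCertStore(store);
        // Revocation is checked only when CRLs were supplied; otherwise only the chain is validated.
        params.setRevocationEnabled(haveCrl);
        try {
            CertPathBuilderResult result = CertPathBuilder.getInstance("PKIX").build(params);
            System.out.println("Trusted path: " + result.getCertPath().getCertificates().size() + " certificate(s)");
        } catch (CertPathBuilderException e) {
            System.out.println("Rejected: " + e.getMessage());
            System.exit(1);
        }
    }

    static Object load(CertificateFactory cf, String path, boolean crl) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return crl ? cf.generateCRL(in) : cf.generateCertificate(in);
        }
    }
}
```

When CRLs are supplied but do not cover every certificate in the path, the build fails rather than treating the unknown revocation status as acceptable.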