Collection certificate store
A collection certificate store is a collection of nonroot, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs is used to check the signature of a digitally signed SOAP message.
The collection certificate stores are used when processing a received SOAP message. This collection is configured in the securityRequestReceiverBindingConfig section of the binding file for servers and in the securityResponseReceiverBindingConfig section of the binding file for clients.
A collection certificate store is one kind of certificate store. A certificate store is defined as javax.security.cert.CertStore in the Java CertPath application programming interface (API). The Java CertPath API defines the following types of certificate stores:
- Collection certificate store
- A collection certificate store accepts the certificates and CRLs as Java collection objects.
- Lightweight Directory Access Protocol certificate store
- The Lightweight Directory Access Protocol (LDAP) certificate store accepts certificates and CRLs as LDAP entries.
The Web services security implementation in the WebSphere Application Server supports the collection certificate store. Each certificate and CRL is passed as an encoded file. This configuration is done using either the administrative console or by scripting.
Trust anchors
Securing Web services using XML digital signature