Add truststore files
Overview
A truststore file is a key database file that contains public keys. The public key is stored as a signer certificate. The keys are used for a variety of purposes, including authentication and data integrity. In WebSphere Application Server, adding truststore files to the configuration is different between client and server. For the client, a truststore file is added to a property file, like sas.client.props. For the server, a truststore file is added through the WebSphere Application Server administrative console.
Before you add the truststore file to your configuration, ask the following questions:
- If you configure for client authentication using digital certificate,
has the public key of the client personal certificate been imported as a signer
certificate into the server truststore file?
- Does the truststore file contain all the required signer certificates with respect to the keystore files of the target servers?
- Add a truststore file into a client configuration, by editing the sas.client.props file
and setting the following properties:
- com.ibm.ssl.trustStoreType for the truststore format. Range: JKS
(default), PKCS12KS, JCEK, JCERACFKS. Use JCERACFKS if you are using a RACF
key ring as the truststore.
- com.ibm.ssl.trustStore for
a fully qualified path to the truststore file. The truststore file contains
the public keys.
- com.ibm.ssl.trustStorePassword for the password to access the truststore file. The com.ibm.ssl.trustStorePassword property should be set to password if you are using a RACF key ring as a trust store.
- com.ibm.ssl.trustStoreType for the truststore format. Range: JKS
(default), PKCS12KS, JCEK, JCERACFKS. Use JCERACFKS if you are using a RACF
key ring as the truststore.
- Add a truststore file into a server configuration:
- Start the WebSphere administrative console by specifying : http://server_host_name:9090/admin.
- Click Security > SSL.
- Create a new Secure Sockets Layer (SSL) setting alias if one
does not exist.
- Select the alias that you want to add into the truststore file.
- Type the Trust File Password for the password to access the
truststore file. Type password if you are using a RACF key ring for
the trust store.
- Select the Trust File Format for the truststore type. JKS (Default),
PKCS12KS, JCEK.
- Click OK and Save to save the configuration.
- Start the WebSphere administrative console by specifying : http://server_host_name:9090/admin.
Results
The SSL configuration alias now contains a valid truststore file for an SSL connection.
Example
- SSL connection for Internet InterORB Protocol (IIOP)
- SSL connection for Lightweight Directory Access Protocol (LDAP)
- SSL connection for Hypertext Transfer Protocol (HTTP)
Secure Sockets Layer
Managing digital certificates
Configuring Common Secure Interoperability V2 and Security Authentication Service authentication protocols