Network Deployment (Distributed operating systems), v8.0 > Reference > Sets
Key store settings
Use this page to create all keystore types, including cryptographic, Resource Access Control Facility (RACF), Certificate Management Services (CMS), Java, and all truststore types. From the admin console...
Security | SSL certificates and key management
Under Configuration settings, click Manage endpoint security configurations > {Inbound | Outbound}. Under Related Items, click Key stores and certificates. Click either New or an existing keystore.
Links to Personal certificates, Signer certificates, and Personal certificate requests enable you to manage certificates in a manner similar to iKeyman capabilities. A keystore can be file-based, such as CMS or Java keystore types, or it can be remotely managed.
Any changes made to this panel are permanent.
Name
Unique name to identify the keystore. The keystore is typically scoped by the ManagementScope scopeName based on the location of the keystore. The name must be unique within the existing keystore collection.
Data type: Text
Description
Description of the keystore.
Data type: Text
Management scope
Scope where this SSL configuration is visible. For example, if you choose a specific node, then the configuration is only visible on that node and any servers that are part of that node.
Data type: Text
Path
Location of the keystore file in the format needed by the keystore type. This file can be a dynamic link library (DLL) for cryptographic devices or a filename or file URL for file-based keystores. It can be a safkeyring URL for RACF keyrings.
Data type: Text
Control region user
Specifies the Control region Started Task user ID in which the Control region System Authorization Facility (SAF) keyring is created. The user ID must match the exact ID being used by the Control region. Note: This option only applies when creating writable SAF keyrings on z/OS.
Data type: Text
Servant region user
Specifies the Servant region Started Task user ID in which the Servant region System Authorization Facility (SAF) keyring is created. The user ID must match the exact ID being used by the Servant region. Note: This option only applies when creating writable SAF keyrings on z/OS.
Data type: Text
Password [new keystore] | Password [existing keystore]
Password used to protect the physical keystore in the operating system. For the default keystore (names ending in DefaultKeyStore or DefaultTrustStore), the password is WebAS. This default password must be changed.
This field can be edited.
Data type: Text To push the key store to all nodes, the path should be: ${CONFIG_ROOT}/cells/CELLNAME/yourkeystore.kdb.
Confirm password
Specifies confirmation of the password to open the keystore file or device.
Data type: Text
Type
Implementation for keystore management. This value defines the tool that operates on this keystore type.
The list of options is returned by java.security.Security.getAlgorithms("KeyStore"). Some options might be filtered and some might be added based on the java.security configuration.
Data type: Text Default: PKCS12
Read only
Whether the keystore can be written to or not. If the keystore cannot be written to, certain operations cannot be performed, such as creating or importing certificates.
Default: Disabled
Remotely managed
Whether the key store is remotely managed, which means that a remote MBean call is needed to update the key store based on the host name specified in the host list field. Most hardware cryptographic token devices are remotely managed. If a key store is marked remotely managed, list the host name of the server where the device is installed in the Host list field.
Default:
Initialize at startup
Whether the keystore needs to be initialized before it can be used for cryptographic operations. If enabled, the keystore is initialized at server startup.
Default: Disabled
Enable cryptographic operations on hardware device
Whether a hardware cryptographic device is used for cryptographic operations only. Operations that require a login are not supported when using this option.
Default: Disabled
Create an SSL configuration
Related
Keystores and certificates collection