WebSphere Message Broker, Version 8.0.0.7
Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS
See information about the latest product version
Create and initialize the broker keystore and truststore (z/OS®)
Create a keystore and import your personal certificate and signer certificates.
Before you start:
Note: Due to export restrictions, the IBM® JDKs ship with a set of restricted policy files that limit the size of the cryptographic keys that are supported. To overcome these restrictions, use the unrestricted policy files in the $JAVA_HOME/lib/security directory:
- local_policy.jar
- US_export_policy.jar
The unrestricted policy files are the same for the IBM JDK 1.4.2, IBM JDK 5, and IBM JDK 6. These files are in the JAVA_HOME/demo/jce/policy-files/unrestricted directory.
This topic describes how to use the same file as keystore and truststore. To specify different files, complete the process twice:
- Do not import signer certificates into the keystore.
- Do not import personal certificates into the truststore.
The tasks use keytool to create the keystore. An alternative is the ikeyman graphical tool, which requires an X Window System.
The following are the steps required to create and initialize the broker keystore:
- Create the keystore. keytool requires a dummy key to be created to force the creation of the keystore file. The dummy key is deleted after the keystore is created.
- Import the CA signer certificate or certificates. These are the certificates of the CAs that signed the certificates of client applications that connect to WebSphere® Message Broker and that are accepted as trusted applications.
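The two steps above as a script, added here as an example and not part of the IBM topic; the function name, keystore path, aliases and certificate file names are assumptions. It uses the older `-genkey` and `-import` option names, which current keytool releases still accept, and lets keytool prompt for the keystore password so that the password never appears on the command line.

```shell
#!/bin/sh
# Added example (not IBM's script). Function name, paths and aliases are
# hypothetical. keytool prompts for the keystore password on each call, so
# it is not exposed in the process list or in shell history.

# Usage: init_broker_keystore KEYSTORE ALIAS=CERTFILE [ALIAS=CERTFILE ...]
init_broker_keystore() {
    ks=$1; shift
    [ "$#" -ge 1 ] || { echo "no signer certificates given" >&2; return 2; }
    [ ! -e "$ks" ] || { echo "refusing to overwrite $ks" >&2; return 2; }

    # Step 1: a throwaway key forces keytool to write the keystore file.
    # Deleting it afterwards leaves no unused private key in the store.
    keytool -genkey -alias dummy -keyalg RSA -dname "CN=dummy" \
        -keystore "$ks" || return 1
    keytool -delete -alias dummy -keystore "$ks" || return 1

    # Step 2: import each CA signer certificate. Without -noprompt, keytool
    # prints the certificate fingerprint and asks before trusting it, which
    # is the point at which to compare it with the CA's published value.
    for pair in "$@"; do
        name=${pair%%=*}
        file=${pair#*=}
        keytool -import -alias "$name" -file "$file" -keystore "$ks" || return 1
    done

    # Check: the dummy entry must no longer be listed.
    if keytool -list -keystore "$ks" | grep -qi '^dummy,'; then
        echo "dummy key still present in $ks" >&2
        return 1
    fi

    # Restrict the file to its owner; the broker's user ID must own it.
    chmod 600 "$ks"
}

# Runs only when arguments are supplied, for example:
#   sh init_keystore.sh /path/to/broker.jks rootca=/path/to/rootca.pem
if [ "$#" -ge 2 ]; then
    init_broker_keystore "$@"
fi
```

When separate keystore and truststore files are used, run the import step only against the truststore, as described earlier in this topic.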
What to do next: Configure WebSphere Message Broker on z/OS for SSL.