Creating a keystore file
The keystore file is a key database file that contains both public
keys and private keys. Public keys are stored as signer certificates while
private keys are stored in the personal certificates. The keys are used for
a variety of purposes, including authentication and data integrity. You can
use either the key management utility (iKeyman) or the keytool utility to create
keystore files.
Before you begin
Read the documentation located
at http://www.ibm.com/developerworks/java/jdk/security/iKeymanDocs.zip for
further information.
Steps for this task
- Start the iKeyman utility,
if it is not already running.
- Open a new key database file by clicking Key Database File >
New from the menu bar.
- Select the Key Database Type: JKS (default), PKCS12, JCEKS, JCERACFKS
(z/OS only) or JCE4758RACFKS (z/OS only). This is the key file format (or
the value of the com.ibm.ssl.keyStoreType property in the sas.client.props file)
when you configure the SSL setting for your application.
- Type in the file name and location. The full path of this key database
file is used as the key file name (or the value of the com.ibm.ssl.keyStore property
in the sas.client.props file) when you configure the SSL setting
for your application.
- Click OK to continue.
- Then, type in a password to restrict access to the file. This password
is used as the key file password (or the value of the com.ibm.ssl.keyStorePassword property
in the sas.client.props file) when you configure the SSL setting
for your application. Do not set an expiration date on the password or save
the password to a file; otherwise, you must reset the password when it expires or
protect the password file. This password is used only to release the information
stored by the key management utility during run time.
- Click OK to continue. The tool displays all of the available
default signer certificates. These certificates are the public keys of the
most common certificate authorities (CAs). You can add, view or delete signer
certificates from this panel.
Results
A new SSL keystore file is created.
What to do next
Prepare keystore files for an SSL connection.
Specify the keystore
file in the configuration of WebSphere Application Server. Create a truststore
if one does not yet exist.
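
The three sas.client.props properties named in the steps above must agree with the file that iKeyman produced. The following Python check is an added example, not IBM code: it parses the properties and compares com.ibm.ssl.keyStoreType with the leading bytes of the keystore file. The sample path and password are constructed placeholders, the properties parser is simplified, and the z/OS RACF types are not inspected.

```python
import os

# Store types offered in the iKeyman step above.
KNOWN_TYPES = {"JKS", "PKCS12", "JCEKS", "JCERACFKS", "JCE4758RACFKS"}
# JKS and JCEKS files begin with a fixed 4-byte magic number.
MAGIC = {b"\xfe\xed\xfe\xed": "JKS", b"\xce\xce\xce\xce": "JCEKS"}
# Constructed sample settings; the path and password are placeholders.
SAMPLE = """\
com.ibm.ssl.keyStore=/opt/example/keys/client.jks
com.ibm.ssl.keyStoreType=JKS
com.ibm.ssl.keyStorePassword=example-placeholder
"""


def parse_props(text):
    """Parse simple key=value lines (simplified: no escapes or continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def sniff_type(path):
    """Guess the on-disk format from the first bytes of the file."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    # PKCS#12 is DER-encoded, so it starts with an ASN.1 SEQUENCE tag (0x30).
    return MAGIC.get(head) or ("PKCS12" if head[:1] == b"\x30" else None)


def check_keystore_settings(props):
    """Return a list of problems found in the three keystore properties."""
    problems = []
    path = props.get("com.ibm.ssl.keyStore", "")
    ktype = props.get("com.ibm.ssl.keyStoreType", "")
    if ktype not in KNOWN_TYPES:
        problems.append("unknown keyStoreType: %r" % ktype)
    if not props.get("com.ibm.ssl.keyStorePassword"):
        problems.append("keyStorePassword is empty")
    if not os.path.isabs(path):
        problems.append("keyStore is not a full path: %r" % path)
    elif not os.path.isfile(path):
        problems.append("keyStore file not found: %s" % path)
    elif ktype in ("JKS", "JCEKS", "PKCS12") and sniff_type(path) != ktype:
        problems.append("keyStoreType %s does not match the file's format" % ktype)
    return problems
```

Call check_keystore_settings(parse_props(text)) on the contents of the properties file; an empty list means the three settings are consistent with the keystore on disk.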

Last updated: Jun 21, 2007 8:07:48 PM CDT
WebSphere Business Integration Server Foundation, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/ae/tsec_cekeen.html