Adding keystore files
A keystore file contains both public keys and private keys. Public
keys are stored as signer certificates, while private keys are stored in
personal certificates. In WebSphere Application Server, the procedure for adding
a keystore file to the configuration differs between client and server. For the
client, a keystore file is added to a properties file such as sas.client.props.
For the server, a keystore file is added through the WebSphere Application
Server administrative console.
Before you begin
Before you add the keystore file to your configuration, consider the
following questions:
- Is a self-signed or a certificate authority (CA)-signed personal certificate
created in the keystore file?
- If you configure client authentication using digital certificates, is
the public key of the signed personal certificate imported as a signer certificate
into the server truststore file?
Steps for this task
- Add a keystore file to a client configuration by editing the sas.client.props file
and setting the following properties:
  - com.ibm.ssl.keyStoreType for the keystore format. Range: JKS (default),
  PKCS12KS, or JCEK.
  - com.ibm.ssl.keyStore for a fully qualified path to the keystore
  file. The keystore file contains private keys and sometimes public keys.
  - com.ibm.ssl.keyStorePassword for the password to access the keystore
  file.
- Add a keystore file to a server configuration:
  - Start the WebSphere administrative console by specifying: http://server_hostname:9090/admin.
  - Click Security > SSL Configuration Repertoires.
  - Create a new Secure Sockets Layer (SSL) setting alias if one
  does not exist.
  - Select the alias to which you want to add the keystore file.
  - Type in the Key File Name for the path of the keystore file.
  - Type in the Key File Password for the password to access the
  keystore file.
  - Select the Key File Format for the keystore type. Range:
  JKS (default), PKCS12KS, or JCEK.
  - Click OK and Save to save the configuration.
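The three client properties set in sas.client.props can be checked before the client is started. The following Python sketch is an added example, not IBM code: it parses a properties file and validates the keystore type, path and password against what this page specifies. The file-permission check is an added assumption of good practice, and the sample path and empty password are constructed placeholders.

```python
import os

ALLOWED_TYPES = {"JKS", "PKCS12KS", "JCEK"}  # range listed on this page
DEFAULT_TYPE = "JKS"                          # default listed on this page

# Constructed sample input; the path and the empty password are placeholders.
SAMPLE = """\
# client SSL keystore settings
com.ibm.ssl.keyStoreType=PKCS12
com.ibm.ssl.keyStore=etc/clientKeys.jks
com.ibm.ssl.keyStorePassword=
"""

def parse_props(text):
    """Parse key=value or key:value lines; '#' and '!' start comments.
    Assumption: no line continuations or escaped separators are used."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        seps = [i for i, ch in enumerate(line) if ch in "=:"]
        if seps:
            props[line[:seps[0]].strip()] = line[seps[0] + 1:].strip()
    return props

def check_keystore_props(props):
    """Return a list of findings for the three client keystore properties."""
    findings = []
    ks_type = props.get("com.ibm.ssl.keyStoreType", DEFAULT_TYPE)
    if ks_type not in ALLOWED_TYPES:
        findings.append(f"keyStoreType {ks_type!r} is not one of {sorted(ALLOWED_TYPES)}")
    path = props.get("com.ibm.ssl.keyStore", "")
    if not path:
        findings.append("keyStore is not set")
    elif not os.path.isabs(path):
        findings.append("keyStore is not a fully qualified path")
    elif not os.path.isfile(path):
        findings.append("keyStore file does not exist")
    elif hasattr(os, "getuid") and os.stat(path).st_mode & 0o077:
        # Added check (not from the page): the file holds private keys.
        findings.append("keyStore file is accessible to group or others")
    if not props.get("com.ibm.ssl.keyStorePassword"):
        findings.append("keyStorePassword is not set")
    return findings

if __name__ == "__main__":
    for finding in check_keystore_props(parse_props(SAMPLE)):
        print("FINDING:", finding)
```
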
Results
The SSL configuration alias now has a valid keystore file for an SSL
connection.
Note: If the Cryptographic Token field is selected and you only want to use
cryptographic tokens for your keystore file, leave the Key File Name field and
the Key File Password field blank.
Example
- SSL connection for Internet InterORB Protocol (IIOP)
- SSL connection for Lightweight Directory Access Protocol (LDAP)
- SSL connection for Hypertext Transfer Protocol (HTTP)

Secure Sockets Layer

Managing digital certificates
Configuring Common Secure Interoperability Version 2 and Security Authentication Service authentication protocols
Searchable topic ID: tsecaddkeys
Last updated: Jun 21, 2007 8:07:48 PM CDT
WebSphere Business Integration Server Foundation, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/ae/tsec_addkeys.html