Creating truststore files
A truststore file is a key database file that contains the public
keys for target servers. The public key is stored as a signer certificate.
If the target uses a self-signed certificate, extract the public certificate
from the server keystore file and add the extracted certificate to the truststore
file as a signer certificate. If the target uses a certificate from a commercial
certificate authority (CA), add the CA root certificate instead. The truststore
file can be a more publicly accessible key database file that contains all the
trusted certificates.
Before you begin
Read the documentation located at http://www.ibm.com/developerworks/java/jdk/security/iKeymanDocs.zip
for further information.
Steps for this task
- Start the key management
utility (iKeyman), if it is not already running.
- Open a new key database file by clicking Key Database File >
New from the menu bar.
- Select the key database type: JKS (default), PKCS12, JCEKS,
JCERACFKS (z/OS only) or JCE4758RACFKS (z/OS only).
The key database type is the trust file format (or the value of the com.ibm.ssl.trustStoreType property
in the sas.client.props file) when you configure the SSL setting
for your application.
- Type in the file name and location. The full path of this key database
file is used as the trust file name (or the value of com.ibm.ssl.trustStore property
in the sas.client.props) when you configure the SSL setting for your
application.
- Click OK to continue.
- Type in a password to restrict access to the file. This password
is used as the trust file password (or the value of the com.ibm.ssl.trustStorePassword property
in the sas.client.props file) when you configure the SSL setting
for your application.
Do not set an expiration date on the password
or save the password to a file. If you do, you must reset the password when it expires
or protect the password file. This password is used only to release the information
stored by the key management utility during run time.
- Click OK to continue. The tool now displays all of the available
default signer certificates. These are the public keys of the most common
CAs. You can add, view or delete signer certificates from this screen.
Results
A new SSL truststore file is created.
What to do next
Specify the truststore file in the configuration of WebSphere Application
Server. Create a keystore file if one does not exist.
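To check the result, the following added example (not IBM's code and not part of the original topic) loads the truststore named by the com.ibm.ssl.trustStore and com.ibm.ssl.trustStoreType properties in sas.client.props and lists each signer certificate, flagging expired signers and any private key entries. It assumes a JKS, PKCS12 or JCEKS file that the running JDK can read; the class name TruststoreAudit and the TRUSTSTORE_PASSWORD environment variable are hypothetical names chosen for this example.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.*;

// Added example. Usage: java TruststoreAudit /path/to/sas.client.props
public class TruststoreAudit {
    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            props.load(in);
        }
        String path = props.getProperty("com.ibm.ssl.trustStore");
        String type = props.getProperty("com.ibm.ssl.trustStoreType", "JKS");
        // Assumption: the password is supplied in a hypothetical TRUSTSTORE_PASSWORD
        // environment variable so that it never appears on the command line.
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        if (path == null || pw == null) {
            System.err.println("Need com.ibm.ssl.trustStore and TRUSTSTORE_PASSWORD");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw.toCharArray()); // the password also verifies file integrity
        }
        int problems = 0;
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) { // private keys do not belong in a truststore
                System.out.println("KEY ENTRY  " + alias + "  (belongs in the keystore file)");
                problems++;
                continue;
            }
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            StringBuilder fp = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
                fp.append(String.format("%02X", b));
            boolean expired = c.getNotAfter().before(now);
            if (expired) problems++;
            System.out.println((expired ? "EXPIRED    " : "SIGNER     ") + alias
                + "  " + c.getSubjectX500Principal().getName()
                + "  notAfter=" + c.getNotAfter() + "  sha256=" + fp);
        }
        System.exit(problems == 0 ? 0 : 1); // non-zero exit when anything was flagged
    }
}
```

Compare the listed signers against the certificates you intended to trust, and delete any default signer that the application does not need.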

Searchable topic ID: tsectruststore
Last updated: Jun 21, 2007 4:55:42 PM CDT
WebSphere Application Server Network Deployment, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_truststore.html