Adding truststore files

Before you begin

A truststore file is a key database file that contains public keys. Each public key is stored as a signer certificate. The keys are used for a variety of purposes, including authentication and data integrity. In WebSphere Application Server, the way you add a truststore file to the configuration differs between client and server. For the client, the truststore file is specified in a property file, such as sas.client.props. For the server, the truststore file is added through the WebSphere Application Server administrative console.

Before you add the truststore file to your configuration, ask the following questions:

Steps for this task

  1. Add a truststore file to a client configuration by editing the sas.client.props file and setting the following properties:
    • com.ibm.ssl.trustStoreType for the truststore format. Range: JKS (default), PKCS12KS, JCEK, JCERACFKS. Use JCERACFKS if you are using a RACF key ring as the truststore.
    • com.ibm.ssl.trustStore for the name of the RACF key ring you want JSSE to use. Specify safkeyring:///.
    • com.ibm.ssl.trustStorePassword for the password to access the truststore file. The com.ibm.ssl.trustStorePassword property should be set to password if you are using a RACF key ring as a trust store.
  2. Add a truststore file into a server configuration:
    1. Start the WebSphere administrative console by specifying: http://server_host_name:9090/admin.
    2. Click Security > SSL.
    3. Click Security > SSL and select New JSSE Repertoire.
    4. Create a new Secure Sockets Layer (SSL) setting alias if one does not exist.
    5. Select the alias that you want to add into the truststore file.
    6. Type the Trust File Name for the path of the truststore file. Type safkeyring:/// if you are using a RACF key ring for the trust store.
    7. Type the Trust File Password for the password to access the truststore file. Type password if you are using a RACF key ring for the trust store.
    8. Select the Trust File Format for the truststore type. Range: JKS (default), PKCS12KS, JCEK.
    9. Click OK and Save to save the configuration.

Results

The SSL configuration alias now contains a valid truststore file for an SSL connection.

Example
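
The following check is an added example, not code from IBM or from the original page. It lints the three client truststore properties from step 1 against the rules stated above. The function names and the key ring name "ExampleKeyring" are hypothetical, and the sample properties are constructed.

```python
import re

PREFIX = "com.ibm.ssl."
# Formats this page lists for com.ibm.ssl.trustStoreType.
ALLOWED_TYPES = {"JKS", "PKCS12KS", "JCEK", "JCERACFKS"}
KEYRING_SCHEME = "safkeyring:///"

def parse_props(text):
    """Parse Java-style key=value / key:value lines, skipping comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_truststore(text):
    """Return findings; an empty list means the settings agree with the page."""
    p = parse_props(text)
    ts_type = p.get(PREFIX + "trustStoreType", "JKS")  # JKS is the default
    store = p.get(PREFIX + "trustStore", "")
    password = p.get(PREFIX + "trustStorePassword")
    keyring = store.startswith(KEYRING_SCHEME)
    findings = []
    if ts_type not in ALLOWED_TYPES:
        findings.append(f"trustStoreType {ts_type!r} is not a listed format")
    if not store:
        findings.append("trustStore is not set")
    if keyring and ts_type != "JCERACFKS":
        findings.append("RACF key ring requires trustStoreType JCERACFKS")
    if ts_type == "JCERACFKS" and store and not keyring:
        findings.append("JCERACFKS requires trustStore to start with safkeyring:///")
    if password is None:
        findings.append("trustStorePassword is not set")
    elif keyring and password != "password":
        # Report the mismatch without echoing the configured value.
        findings.append("trustStorePassword must be the literal 'password' for a key ring")
    return findings

# Constructed sample; "ExampleKeyring" is a hypothetical key ring name.
SAMPLE = """\
com.ibm.ssl.trustStoreType=JKS
com.ibm.ssl.trustStore=safkeyring:///ExampleKeyring
com.ibm.ssl.trustStorePassword=changeit
"""

if __name__ == "__main__":
    for finding in check_truststore(SAMPLE):
        print("FINDING:", finding)
```

The sample yields two findings: the key ring is paired with the JKS type, and the password is not the literal value the page requires for a RACF key ring.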


Related concepts
Secure Sockets Layer
Related tasks
Configuring Common Secure Interoperability Version 2 and Security Authentication Service authentication protocols



Searchable topic ID:   tsecaddtrust
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_addtrust.html
