Adding keystore files

A keystore file contains both public keys and private keys. Public keys are stored as signer certificates, while private keys are stored in the personal certificates. In WebSphere Application Server, the way you add keystore files to the configuration differs between client and server. For the client, a keystore file is added to a property file such as sas.client.props. For the server, a keystore file is added through the WebSphere Application Server administrative console.

Before you begin

Before you add the keystore file to your configuration, consider the following questions:

Steps for this task

  1. Add a keystore file into a client configuration by editing the sas.client.props file and setting the following properties:
    • com.ibm.ssl.keyStoreType for the keystore format. Range: JKS (default), PKCS12KS, JCEK, JCERACFKS, JCE4758RACFKS.
    • com.ibm.ssl.keyStore for a fully qualified path to the keystore file. The keystore file contains private keys and sometimes public keys. For RACF key rings, com.ibm.ssl.keyStore should be set to safkeyring:///.
    • com.ibm.ssl.keyStorePassword for the password to access the keystore file. For RACF key rings, com.ibm.ssl.keyStorePassword should be set to password, and com.ibm.ssl.keyStoreType should be set to JCERACFKS.
  2. Add a keystore file into a server configuration:
    1. Start the WebSphere administrative console by specifying: http://server_hostname:9090/admin.
    2. Click Security > SSL Configuration Repertoires.
    3. Create a new Secure Sockets Layer (SSL) setting alias if one does not exist.
    4. Click Security > SSL and select New JSSE Repertoire.
    5. Select the alias that you want to add into the keystore file.
    6. Type in the Key File Name for the path of the keystore file. Type safkeyring:///your_keyring_name if you want to use certificates and keys contained in a RACF key ring.
    7. Type in the Key File Password for the password to access the keystore file. Type password if you are using a RACF key ring.
    8. Select the Key File Format for the keystore type. Range: JKS (default), PKCS12KS, or JCEK.
    9. Click OK and Save to save the configuration.

Results

The SSL configuration alias now has a valid keystore file for an SSL connection.

Example
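
The following Python check is an added example, not part of the IBM documentation. It validates the three client properties from step 1 against the rules stated on this page before a sas.client.props file is deployed. The sample file contents, paths and key ring name are constructed, and treating a leading / as "fully qualified" assumes z/OS UNIX paths.

```python
# Keystore types this page lists for com.ibm.ssl.keyStoreType
ALLOWED_TYPES = {"JKS", "PKCS12KS", "JCEK", "JCERACFKS", "JCE4758RACFKS"}

def parse_props(text):
    """Parse simple key=value lines; skips blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_keystore(props):
    """Return a list of problems found in the keystore properties."""
    problems = []
    ks_type = props.get("com.ibm.ssl.keyStoreType", "JKS")  # JKS is the default
    path = props.get("com.ibm.ssl.keyStore", "")
    password = props.get("com.ibm.ssl.keyStorePassword", "")
    is_keyring = path.startswith("safkeyring:///")
    if ks_type not in ALLOWED_TYPES:
        problems.append("unsupported keyStoreType: " + ks_type)
    if not path:
        problems.append("keyStore is not set")
    elif is_keyring:
        # Per this page: RACF key rings use type JCERACFKS and the literal "password"
        if ks_type != "JCERACFKS":
            problems.append("RACF key ring requires keyStoreType JCERACFKS")
        if password != "password":
            problems.append("RACF key ring requires keyStorePassword 'password'")
    elif not path.startswith("/"):  # assumption: z/OS UNIX absolute path
        problems.append("keyStore must be a fully qualified path: " + path)
    if not is_keyring and not password:
        problems.append("keyStorePassword is not set")
    return problems

# Constructed sample inputs (paths, password and key ring name are placeholders)
SAMPLE_JKS = ("com.ibm.ssl.keyStoreType=JKS\n"
              "com.ibm.ssl.keyStore=/opt/example/etc/client.jks\n"
              "com.ibm.ssl.keyStorePassword=example-only\n")
SAMPLE_BAD_RACF = ("com.ibm.ssl.keyStoreType=JKS\n"
                   "com.ibm.ssl.keyStore=safkeyring:///ExampleRing\n"
                   "com.ibm.ssl.keyStorePassword=secret\n")

if __name__ == "__main__":
    for name, text in (("jks", SAMPLE_JKS), ("racf", SAMPLE_BAD_RACF)):
        print(name, check_keystore(parse_props(text)) or "ok")
```
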


Related concepts
Secure Sockets Layer
Related tasks
Configuring Common Secure Interoperability Version 2 and Security Authentication Service authentication protocols



Searchable topic ID:   tsecaddkeys
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_addkeys.html
