[Version 6 only] WebSphere Application Server - Express, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring trust anchors on the server or cell level

Before you begin

Prior to completing the steps to configure trust anchors, you must create the keystore file using the key tool. WebSphere Application Server provides the key tool in the install_dir/java/jre/bin/keytool file.

Why and when to perform this task

This task provides the steps that are needed to configure a list of keystore objects that contain trusted root certificates. These objects are used for certificate path validation of incoming X.509-formatted security tokens. Keystore objects within trust anchors contain trusted root certificates that are used by the CertPath application programming interface (API) to determine whether to trust a certificate chain.
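
As an added example (not part of the original IBM documentation), the following script shows one way to prepare the keystore that the prerequisite above calls for, so that it holds a trusted root certificate and no private key, and then checks the entry types. The aliases, file names, password and the self-signed demo root are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM's code. Aliases, file names and the password are
# constructed placeholders; the self-signed "root" stands in for a real CA.
set -eu

# Create a throwaway self-signed root and export only its public certificate.
# The older command names (-genkey, -export, -import) are used here; current
# keytool releases still accept them.
make_demo_root() {   # $1 = work dir, $2 = password
    keytool -genkey -alias demo-root -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=Demo Root CA, O=Example" \
        -keystore "$1/ca-private.jks" -storetype JKS \
        -storepass "$2" -keypass "$2" >/dev/null 2>&1
    keytool -export -rfc -alias demo-root -file "$1/demo-root.pem" \
        -keystore "$1/ca-private.jks" -storetype JKS \
        -storepass "$2" >/dev/null 2>&1
}

# Build the trust anchor keystore from the certificate file alone, so that it
# holds a trusted root certificate and no private key. -noprompt skips the
# interactive fingerprint confirmation: compare the fingerprint shown by
# "keytool -printcert -file <cert>" with the CA's published value beforehand.
make_trust_anchor_store() {   # $1 = certificate, $2 = keystore, $3 = password
    keytool -import -noprompt -alias demo-root -file "$1" \
        -keystore "$2" -storetype JKS -storepass "$3" >/dev/null 2>&1
    chmod 600 "$2"   # this file decides which certificate chains are trusted
}

# Count keystore entries whose type matches $3 (for example trustedCertEntry).
count_entries() {   # $1 = keystore, $2 = password, $3 = entry type pattern
    keytool -list -keystore "$1" -storetype JKS -storepass "$2" 2>/dev/null |
        grep -ci "$3" || true
}

# Run the whole sequence in a scratch directory and report what the store holds.
demo() {
    dir=$(mktemp -d)
    make_demo_root "$dir" changeit-demo
    make_trust_anchor_store "$dir/demo-root.pem" "$dir/trustanchors.jks" changeit-demo
    echo "trusted=$(count_entries "$dir/trustanchors.jks" changeit-demo trustedCertEntry)" \
         "keys=$(count_entries "$dir/trustanchors.jks" changeit-demo keyEntry)"
    rm -rf "$dir"
}

if command -v keytool >/dev/null 2>&1; then demo; fi
```

The path, password and type (JKS) of the resulting trust anchor keystore are the values that go in the Key store path, Key store password and Key store type fields in the steps that follow.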

Complete the following steps to configure the trust anchors on the server level:

Steps for this task

  1. Access the default bindings for the server level.
    1. Click Servers > Application servers > server_name.
    2. Under Security, click Web services: Default bindings for Web services security.
  2. Under Additional properties, click Trust anchors.
  3. Click New to create a trust anchor configuration, click Delete to delete an existing configuration, or click the name of an existing trust anchor configuration to edit its settings. If you are creating a new configuration, enter a unique name for the trust anchor in the Trust anchor name field.
  4. Specify a password in the Key store password field that is used to access the keystore file.
  5. Specify the absolute location of the keystore file in the Key store path field. It is recommended that you use the USER_INSTALL_ROOT variable as a portion of the keystore path. To change this predefined variable, click Environment > WebSphere variables. The USER_INSTALL_ROOT variable might display on the second page of variables.
  6. Specify the type of keystore file in the Key store type field. WebSphere Application Server supports the following keystore types:
    JKS
    Use this option if you are not using Java Cryptography Extensions (JCE) and your keystore file uses the Java Key Store (JKS) format.
    JCEKS
    Use this option if you are using Java Cryptography Extensions.
    PKCS11KS (PKCS11)
    Use this option if your keystore file uses the PKCS#11 file format. Keystore files that use this format might contain Rivest-Shamir-Adleman (RSA) keys on cryptographic hardware or might contain keys that are encrypted using cryptographic hardware to ensure protection.
    PKCS12KS (PKCS12)
    Use this option if your keystore file uses the PKCS#12 file format.
  7. Click OK and Save to save your configuration.

Result

You have configured trust anchors at the server or cell level.



Related tasks
Securing Web services for version 6.0.x applications based on WS-Security


Last updated: Jun 8, 2005 12:45:23 PM EDT
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/twbs_conftrancsvrcell.html

© Copyright IBM Corporation 2004, 2005. All Rights Reserved.