Creating a keystore file

The keystore file is a key database file that contains both public keys and private keys. Public keys are stored as signer certificates while private keys are stored in the personal certificates. The keys are used for a variety of purposes, including authentication and data integrity.

Before you begin

[AIX HP-UX Linux Solaris Windows] You can use both the key management utility (iKeyman) and the keytool utility to create keystore files.

Read the documentation located at http://www-128.ibm.com/developerworks/java/jdk/security/50/ for further information.

Procedure

  1. Start the iKeyman utility, if it is not already running.
  2. Open a new key database file by clicking Key Database File > New from the menu bar.
  3. Select the Key Database Type: JKS (default), PKCS12, JCEKS, or JCERACFKS (z/OS only). This is the key file format (or the value of the com.ibm.ssl.keyStoreType property in the sas.client.props file) when you configure the SSL setting for your application.
  4. [Version 6.0.2] Select the Key Database Type: JKS (default), PKCS12, JCEKS, JCERACFKS (z/OS only), or JCE4758RACFKS (z/OS only). This is the key file format (or the value of the com.ibm.ssl.keyStoreType property in the sas.client.props file) when you configure the SSL setting for your application.
  5. Type the file name and location. The full path of this key database file is used as the key file name (or the value of the com.ibm.ssl.keyStore property in the sas.client.props file) when you configure the Secure Sockets Layer (SSL) setting for your application.
  6. Click OK to continue.
  7. Type a password to restrict access to the file. This password is used as the key file password (or the value of the com.ibm.ssl.keyStorePassword property in the sas.client.props file) when you configure the SSL setting for your application. Do not set an expiration date on the password or save the password to a file; if you do, you must reset the password when it expires or protect the password file. This password is used only to release the information stored by the key management utility during runtime.
  8. Click OK to continue. The tool displays all of the available default signer certificates. These certificates are the public keys of the most common certificate authorities (CAs). You can add, view or delete signer certificates from this panel.
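A check that can be run on the finished configuration, added here as an example and not part of the original IBM documentation: it reads the three keystore properties named in the steps above from a sas.client.props fragment and confirms that the declared type matches the format of the file on disk. The function names and sample values are hypothetical; the magic bytes are the standard JKS and JCEKS file headers.

```python
import os
import tempfile

# Types come from the page's Key Database Type step; magic bytes are file-format facts.
ALLOWED_TYPES = {"JKS", "PKCS12", "JCEKS", "JCERACFKS", "JCE4758RACFKS"}
MAGIC = {b"\xfe\xed\xfe\xed": "JKS", b"\xce\xce\xce\xce": "JCEKS"}

def parse_props(text):
    """Parse key=value lines of a properties fragment, skipping comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def sniff_type(path):
    """Guess the on-disk format; PKCS#12 is DER, so it starts with 0x30."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return MAGIC.get(head) or ("PKCS12" if head[:1] == b"\x30" else None)

def check_keystore_props(text):
    """Return a list of findings for the three keystore properties."""
    p, findings = parse_props(text), []
    ktype = p.get("com.ibm.ssl.keyStoreType", "")
    path = p.get("com.ibm.ssl.keyStore", "")
    if ktype not in ALLOWED_TYPES:
        findings.append("unknown keyStoreType: %r" % ktype)
    if not p.get("com.ibm.ssl.keyStorePassword"):
        findings.append("keyStorePassword is empty")
    if ktype not in ("JKS", "JCEKS", "PKCS12"):
        return findings  # RACF keyring types (z/OS) are not checked as files here
    if not os.path.isabs(path):
        findings.append("keyStore is not a full path")
    elif not os.path.isfile(path):
        findings.append("keyStore file not found")
    elif sniff_type(path) != ktype:
        findings.append("file is %s but type says %s" % (sniff_type(path), ktype))
    return findings

def demo():
    """Constructed sample: a file with a JKS header, declared as PKCS12."""
    with tempfile.NamedTemporaryFile(suffix=".jks") as fh:
        fh.write(b"\xfe\xed\xfe\xed\x00\x00\x00\x02")
        fh.flush()
        return check_keystore_props(
            "com.ibm.ssl.keyStoreType=PKCS12\ncom.ibm.ssl.keyStore=%s\n"
            "com.ibm.ssl.keyStorePassword=example-only\n" % fh.name)
```

An empty list from `check_keystore_props` means the three properties are consistent with each other; it does not validate the password or the certificates inside the keystore.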

Results

A new SSL keystore file is created.

What to do next

Prepare keystore files for an SSL connection.

Specify the keystore file in the configuration of WebSphere Application Server. Create a truststore if one does not yet exist.





Last updated: Aug 29, 2010 9:31:45 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-mp&topic=tseccekeen
File name: tsec_cekeen.html