A Secure Sockets Layer (SSL) configuration references keystore
configurations during WebSphere® Application Server
runtime. Whether a keystore file was created by another keystore tool
or saved from a previous configuration, the file must be referenced
by a keystore configuration object to be used by the server. A keystore
configuration object can be created to reference a pre-existing keystore
object.
Before you begin
A keystore must already exist.
Alternative Method: To create a keystore by
using the wsadmin tool, use the createKeyStore command of the
AdminTask object. For more information, see the KeyStoreCommands
command group for the AdminTask object article.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound}.
- Under Related Items, click Key stores and certificates,
then click New.
- Type a name in the Name field.
This name uniquely identifies the keystore in the configuration.
- Type the location of the keystore file in the Path field.
The location can be a file name or a file URL
to an existing keystore file.
- Type the Control region Started Task user ID in which the Control region System Authorization Facility (SAF) keyring is to be created in the Control region user field.
The user ID must match the exact ID being used by the Control region.
Note: This option only applies when creating writable SAF keyrings on z/OS®.
- Type the servant region Started Task user ID in which the servant region System Authorization Facility (SAF) keyring is to be created in the Servant region user field.
The user ID must match the exact ID being used by the Control region.
Note: This option only applies when creating writable SAF keyrings on z/OS.
- Type the keystore password in the Password field.
This password is for the keystore file that you specified in the Path field.
For compatibility with the JCE keystore, which requires a password, the JCERACFKS password is password. Unlike other keystore types, this keystore is not actually protected by the password; protection is based on the identity of the executing thread, enforced by RACF.
- Type the keystore password again in the Confirm Password field to confirm the password.
- Select a keystore type from the list.
The type that you select is for the keystore file that you specified in the Path field.
- Select any of the following optional selections:
- Click Apply and Save.
Results
You have created a keystore configuration object for the keystore file that you specified. This keystore can now be used in an SSL configuration.
Note: You also can use this method to
add a z/OS keyring file to the configuration. The
keyring file must be read only, not file-based.
What to do next
You can create additional keystore configurations, as needed.
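A pre-flight check for the values entered in the Path, Password, Confirm Password and type fields of the procedure above, so that a missing file or a type that does not match the file is caught before the configuration object is saved. This is an added example, not IBM code: the function names are hypothetical, the sample file is constructed, and it assumes a file-based keystore of type JKS, JCEKS or PKCS12 (keyring types such as JCERACFKS are not files and are out of scope). The file-permission check goes slightly beyond the steps on this page.

```python
import os
import tempfile
from urllib.parse import urlparse
from urllib.request import url2pathname

MAGIC = {b"\xfe\xed\xfe\xed": "JKS", b"\xce\xce\xce\xce": "JCEKS"}  # file magic

def resolve_path(path_field):
    """The Path field takes a plain file name or a file: URL."""
    parsed = urlparse(path_field)
    return url2pathname(parsed.path) if parsed.scheme == "file" else path_field

def sniff_type(path):
    """Guess the keystore type from the first bytes of the file."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    # PKCS#12 is DER-encoded, so it starts with a SEQUENCE tag (0x30).
    return MAGIC.get(head, "PKCS12" if head[:1] == b"\x30" else None)

def preflight(path_field, selected_type, password, confirm):
    """Return a list of problems; an empty list means the inputs agree."""
    problems = []
    if password != confirm:
        problems.append("Password and Confirm Password differ")
    path = resolve_path(path_field)
    if not os.path.isfile(path):
        return problems + ["no keystore file at %s" % path]
    if os.stat(path).st_mode & 0o004:
        problems.append("keystore file is world-readable")
    found = sniff_type(path)
    if found is None:
        problems.append("unrecognised keystore format")
    elif found != selected_type:
        problems.append("file looks like %s, not %s" % (found, selected_type))
    return problems

def constructed_sample(magic):
    """Write a constructed 8-byte header (not a real keystore) to a temp file."""
    fd, name = tempfile.mkstemp(suffix=".ks")
    with os.fdopen(fd, "wb") as fh:
        fh.write(magic + b"\x00\x00\x00\x02")
    return name

if __name__ == "__main__":
    sample = constructed_sample(b"\xfe\xed\xfe\xed")
    print(preflight(sample, "PKCS12", "pw", "pw"))  # type mismatch is reported
    os.remove(sample)
```

The magic-byte test only identifies the container format; it does not verify the password or the integrity of the keystore contents.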