A Secure Sockets Layer (SSL) configuration references keystore
configurations during security processing. If another keystore tool
is used to create a keystore file, or the keystore file was saved
from a previous configuration, you must create a new keystore configuration
object that references the preexisting keystore file. The server then
uses this new keystore configuration object to obtain information
from the preexisting keystore file.
Before you begin
A keystore must already exist.
Alternative Method: To create a keystore by
using the wsadmin tool, use the createKeyStore command of the
AdminTask object. For more information, see the KeyStoreCommands
command group for the AdminTask object article.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management >
Manage endpoint security configurations > {Inbound | Outbound}.
- Under Related Items, click Key stores and certificates,
then click New.
- Type a name in the Name field. This name
uniquely identifies the keystore in the configuration.
- Type the location of the keystore file in the Path field. The location can be a file name or a file URL to an existing
keystore file.
- Type the keystore password in the Password field. This password is for the keystore file that you specified in
the Path field.
- Type the keystore password again in the Confirm Password field
to confirm the password.
- Select a keystore type from the list. The type
that you select is for the keystore file that you specified in the Path field.
- Select any of the following optional selections:
  - The Read only selection creates a keystore configuration
  object but does not create a keystore file. If this option is selected,
  the keystore file that you specified in the Path field must
  already exist.
  - The Initialize at startup selection initializes the
  keystore during runtime.
  - The Enable cryptographic operations on a hardware device selection specifies
  whether a hardware cryptographic device is used for cryptographic
  operations only.
  Avoid trouble: Operations
  that require login are not supported when using this option.
- Click Apply and Save.
Results
You have created a keystore configuration object for the
keystore file that you specified. This keystore can now be used in
an SSL configuration.
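
Before you enter the Path and keystore type in the console, you can check that the existing file is present and that its header matches the type you plan to select. The following is an added example, not part of the product or its documentation. The function names, the file-permission check, and the type names JKS, JCEKS and PKCS12 used for comparison are assumptions of this example.

```python
import os
import struct
import tempfile
from urllib.parse import urlparse
from urllib.request import url2pathname

# Leading bytes of the JKS and JCEKS formats (big-endian 32-bit magic).
MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}


def resolve_path(path_field):
    """Accept a file name or a file: URL, as the Path field does."""
    parsed = urlparse(path_field)
    return url2pathname(parsed.path) if parsed.scheme == "file" else path_field


def detect_type(path):
    """Guess the keystore type from the file header; None if unrecognized."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if len(head) < 4:
        return None
    if head[0] == 0x30:  # DER SEQUENCE tag: a PKCS#12 file starts this way
        return "PKCS12"
    return MAGIC.get(struct.unpack(">I", head)[0])


def preflight(path_field, selected_type):
    """Return a list of problems; an empty list means the checks passed."""
    path = resolve_path(path_field)
    if not os.path.isfile(path):
        return ["keystore file not found: " + path]
    problems = []
    found = detect_type(path)
    if found != selected_type:
        problems.append("selected type %s, header suggests %s" % (selected_type, found))
    # Assumption of this example: the file should not be readable by all users.
    if os.name == "posix" and os.stat(path).st_mode & 0o004:
        problems.append("keystore file is world-readable")
    return problems


def write_sample(header):
    """Constructed sample: a header-only file for trying the checks."""
    fd, path = tempfile.mkstemp(suffix=".jks")
    with os.fdopen(fd, "wb") as fh:
        fh.write(header + b"\x00" * 16)
    return path
```

The header check only identifies the container format. It does not verify the password or the certificates inside the keystore.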