Collection certificate store
A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs is used to check the signature of a digitally signed SOAP message.
A collection certificate store is used when WebSphere® Application Server is processing a received SOAP message. For JAX-RPC applications, this collection is configured in the Request Consumer Service Configuration Details section of the binding file for servers and in the Response Consumer Configuration section of the binding file for clients. You can configure these two sections using one of the assembly tools provided by WebSphere Application Server. See the assembly tools information in the topic Assembly tools.
For JAX-WS applications, this collection is configured using the administrative console in the Keys and certificates panel of the WS-Security policy set bindings.
- Collection certificate store
- A collection certificate store accepts the certificates and CRLs as Java collection objects.
- Lightweight Directory Access Protocol certificate store
- The Lightweight Directory Access Protocol (LDAP) certificate store accepts certificates and CRLs as LDAP entries.
The CertPath API uses the certificate store and the trust anchor to validate the incoming X.509 certificate that is embedded in the SOAP message. The Web Services Security implementation in the WebSphere Application Server supports the collection certificate store. Each certificate and CRL is passed as an encoded file.