Trust anchor

A trust anchor specifies the key stores that contain trusted root certificates. These certificates are used to validate the X.509 certificate that is embedded in the SOAP message.

When using WebSphere® Application Server with the JAX-RPC programming model, key stores are implemented with the following message points to validate the X.509 certificate that is used for digital signature or XML encryption:
  • Request consumer, as defined in the ibm-webservices-bnd.xmi file.
  • Response consumer, as defined in the ibm-webservicesclient-bnd.xmi file when a web service is acting as a client to another web service.
For WebSphere Application Server Version 7.0 and later, using JAX-WS, key stores are used by the following message points to validate the X.509 certificate that is used for digital signature or XML encryption:
  • Request consumer, as defined in the inbound keys and certificates of the WS-Security bindings.
  • Response consumer, as defined in the inbound keys and certificates of the WS-Security bindings when a web service is acting as a client to another web service.

Key stores are critical to the integrity of the digital signature validation. If the key stores are tampered with, the result of the digital signature verification is doubtful and compromised. Therefore, it is recommended that you secure the key stores. The binding configuration specified for the consumer must match the binding configuration for the generator.

The trust anchor is defined as java.security.cert.TrustAnchor in the Java™ CertPath application programming interface (API). The Java CertPath API uses the trust anchor and the certificate store to validate the incoming X.509 certificate that is embedded in the SOAP message. The Web Services Security implementation in WebSphere Application Server supports this trust anchor. In WebSphere Application Server, the trust anchor is represented as a Java key store object. The type, path, and password of the key store are passed to the implementation through the administrative console or by scripting.


指出主題類型的圖示 概念主題



時間戳記圖示 前次更新: July 9, 2016 11:12
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=cwbs_trustancv6
檔名:cwbs_trustancv6.html