Trust files are used for a secure connection between the Natural Web I/O Interface server and the Natural Web I/O Interface client or Natural for Ajax. Server authentication cannot be switched off. A trust file is always required.
A trust file contains the certificates that you trust. These can be certificates of a CA (Certificate Authority) such as VeriSign, or self-signed certificates.
In the configuration tool, you define the path and, if required, the password for the trust file. With the server authentication, the Natural Web I/O Interface client or Natural for Ajax checks whether the certificate of the Natural Web I/O Interface server is known. If it is not known, the connection is rejected.
When a trust file is not defined in the configuration tool, the Natural Web I/O Interface client or Natural for Ajax tries to read the file calist from the lib/security directory of the Java Runtime Environment (JRE). The default password for this file is "changeit".
To create your own trust file, you can use, for example, Sun's keytool utility which can be found in the bin directory of the Java Runtime Environment (JRE). Here are some helpful examples:
Create an empty, password-protected trust file:
keytool -genkey -alias foo -keystore truststore.jks -storepass "your-passwort" keytool -delete -alias foo -keystore truststore.jks
Import a certificate:
keytool -import -alias "name-for-ca" -keystore truststore.jks -storepass "your-passwort" -file server.cert.crt
You should use a meaningful name for the alias.
List the certificates in a trust file:
keytool -list -v -keystore truststore.jks
Delete a certificate from a trust file:
keytool -delete -alias "name-for-ca" -keystore truststore.jks
When you modify the trust file or its password, you have to restart the application server so that your modification takes effect.
