Trust files are used for a secure connection between the Natural Web I/O Interface server and the Natural Web I/O Interface client. Server authentication cannot be switched off. A trust file is always required.

A trust file contains the certificates that you trust. These can be certificates of a CA (Certificate Authority) such as VeriSign, or self-signed certificates.

In the configuration tool, you define the path and, if required, the password for the trust file. With the server authentication, the Natural Web I/O Interface client checks whether the certificate of the Natural Web I/O Interface server is known. If it is not known, the connection is rejected.

When a trust file is not defined in the configuration tool, the Natural Web I/O Interface client tries to read the file calist from the lib/security directory of the Java Runtime Environment (JRE). The default password for this file is "changeit".

To create your own trust file, you can use, for example, Sun's keytool utility which can be found in the bin directory of the Java Runtime Environment (JRE). Here are some helpful examples:

• Create an empty, password-protected trust file:

  keytool -genkey -alias foo -keystore truststore.jks -storepass "your-passwort"
  keytool -delete -alias foo -keystore truststore.jks

• Import a certificate:

  keytool -import -alias "name-for-ca" -keystore truststore.jks -storepass "your-passwort" -file server.cert.crt

  You should use a meaningful name for the alias.

• List the certificates in a trust file:

  keytool -list -v -keystore truststore.jks

• Delete a certificate from a trust file:

  keytool -delete -alias "name-for-ca" -keystore truststore.jks

When you modify the trust file or its password, you have to restart the application server so that your modification takes effect.