Keystore and Truststore
 
Keystores and truststores are secure files with industry-standard file formats. The keystore file stores the private keys and SSL certificates and the truststore file stores the trusted roots for the certificates.
A keystore file contains one or more pairs of a private key and signed certificate for its corresponding public key. The keystore should be strongly protected with a password, and stored (either on the file system or elsewhere) so that it is accessible only to administrators.
The truststore file functions as a database containing all the public keys for CAs within a specified trusted directory.
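The keystore/truststore distinction above can be checked on a file. This is an added example, not part of the product documentation or Software AG code. It assumes the store uses the JKS format (the page does not name a format), and its function names, the password `changeit` used in the test, and the sample with dummy bytes in place of a real key and certificates are constructed for illustration. It verifies the password-based integrity digest, then lists each alias as a private-key or trusted-cert entry.

```python
import hashlib
import struct

MAGIC = 0xFEEDFEED  # JKS file magic
KINDS = {1: "private-key", 2: "trusted-cert"}

def _digest(password, body):
    # JKS integrity trailer: SHA-1(UTF-16BE password + fixed string + body).
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def list_entries(data, password):
    """Return [(alias, kind, cert_count)] for a version 2 JKS file."""
    body, trailer = data[:-20], data[-20:]
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != MAGIC or version != 2:
        raise ValueError("not a version 2 JKS file")
    if _digest(password, body) != trailer:
        raise ValueError("integrity check failed: wrong password or modified file")
    pos, entries = 12, []
    def take(n):
        nonlocal pos
        pos += n
        return body[pos - n:pos]
    num = lambda n: int.from_bytes(take(n), "big")
    for _ in range(count):
        kind = KINDS[num(4)]  # KeyError on an unknown entry tag
        alias = take(num(2)).decode("utf-8")  # ASCII aliases assumed
        take(8)  # creation timestamp
        if kind == "private-key":
            take(num(4))  # encrypted private key blob
        certs = num(4) if kind == "private-key" else 1  # key entries carry a chain
        for _ in range(certs):
            take(num(2))  # certificate type, e.g. "X.509"
            take(num(4))  # DER certificate bytes
        entries.append((alias, kind, certs))
    return entries

def private_key_aliases(data, password):
    # A truststore should yield []; a keystore should yield at least one alias.
    return [a for a, kind, _ in list_entries(data, password) if kind == "private-key"]

def constructed_sample(password):
    # Constructed sample: dummy bytes stand in for the key and certificates.
    p = lambda size, b: len(b).to_bytes(size, "big") + b
    cert = p(2, b"X.509") + p(4, b"dummy-cert")
    key = struct.pack(">I", 1) + p(2, b"gateway") + bytes(8) + p(4, b"dummy-key") + struct.pack(">I", 1) + cert
    trusted = struct.pack(">I", 2) + p(2, b"partner-ca") + bytes(8) + cert
    body = struct.pack(">III", MAGIC, 2, 2) + key + trusted
    return body + _digest(password, body)
```

A file intended only as a truststore that returns any alias from `private_key_aliases` is holding key material it does not need.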
To enable two-way SSL for inbound connections, you must add a valid, authorized X.509 certificate along with its private key to a keystore file, and add the certificate of the client or partner to the API Gateway truststore file. To enable two-way SSL for outbound connections, you must add the certificate of the native API to the API Gateway truststore file. These keystore and truststore files must be referenced in the HTTPS port that is used to access the API Gateway service.
API Gateway has a sample keystore that contains self-signed certificates, located in InstallDir\IntegrationServer\instances\default\packages\WmAPIGateway\config\resources\security. The sample self-signed certificates are specific to localhost, so Software AG recommends that you do not use them to configure SSL communication with API Gateway in a production environment.
Note:
Modifications to the keystore and truststore aliases in Integration Server are not reflected in API Gateway. Software AG therefore recommends that you do not modify the aliases through the Integration Server Administrator. On migration from 10.0 to 10.1, the existing configuration in 10.0 is migrated to the API Gateway UI.