Broker 10.15 | webMethods Broker Documentation | Administering webMethods Broker | Managing Broker Security | Securing Broker Server Using SSL | Certificate Files | Truststore File | Truststore File Formats
 
Truststore File Formats
The allowable formats for truststores are different than those for keystores; PKCS#12 cannot be used as the format for truststores because it cannot hold multiple certificates. The following table lists the Broker components that must be assigned SSL identities and their allowable truststore formats.
Component
Truststore File Format
Broker Server
PEM
Broker admin component
JKS
Client (JMS)
JKS
Client (Java)
JKS
*The format for the Broker Server is PEM. Software AG recommends using the OpenSSL certificate editing tool to manage keystores in this format. You can also use other certificate management tools that work with the PEM format.
*The format of truststores for Java client programs, JMS client programs, and the Broker admin component is Java keystore (JKS). You create and manage JKS truststores at the command line using keytool, Oracle's key and certificate management tool.
*You manage the truststore for C# clients through the Microsoft Management Console (MMC). Instructions for managing keystores and truststores for C# client programs are provided in the webMethods Broker Messaging Programmer’s Guide.
Setting up a truststore file is one of the first steps in configuring SSL for a Broker component. For information about configuring a truststore, see Managing Certificate Files with OpenSSL.