Broker 10.5 | webMethods Broker Documentation | Administering webMethods Broker | Managing Broker Security | Converting Certificate Files | Broker Certificate Conversion Utility | Trusted Roots and Truststore Files
Trusted Roots and Truststore Files
Unlike pre-version 7.1 keystores, keystores used by Broker 7.1 and later do not contain trusted roots. The Conversion utility removes the trusted roots from the pre-7.1 keystore files upon creating the new keystore file(s), but does not generate a truststore file. These truststore files must be created manually using a certificate editing utility (see Managing Certificate Files with OpenSSL).
If the only information you have about the trusted roots for your certificates is in the old keystore file, create your truststore file before using the Certificate Conversion utility. That is because the utility deletes information about the trusted roots during the new keystore conversion process. If you need to retrieve the trusted root information, use awcert (Broker Certificate Manager Command-Line Utility available with previous versions of Broker) along with its command reference.