Broker 10.5 | webMethods Broker Documentation | Administering webMethods Broker | Managing Broker Security | Securing Broker Server Using SSL | Certificate Files | Keystore File | Keystore File Formats
Keystore File Formats
Before creating a keystore file to store a certificate, you need to know which file format to use.
*You can use the PKCS#12 certificate format for the keystore for any Broker component: the Broker Server, the Broker admin component, or a client.
PKCS#12 is a commonly used, standardized, certificate file format that provides a high degree of portability.
*You can use PEM (Privacy Enhanced Mail) format for the keystore for the Broker Server. You cannot use this format for the keystore for the Broker admin component or a client.
PEM is a base-64 encoded data format used for text-based communications; it provides the ability to encrypt the data before encoding it.
Previous versions of webMethods Broker (version 6.5.2 and earlier) use the Spyrus certificate file format for keystores. The Spyrus format is not compatible with the keystore formats used in this version of Broker. For information about how to upgrade version 6.5.2 and earlier Broker keystores to keystores for the current version of Broker, see Converting Certificate Files.
OpenSSL, the open-source implementation of SSL that Broker uses, provides its own set of certificate management tools. These tools are supplied with Broker. You can use the OpenSSL command-line tool to manage keystores in the PKCS#12 and PEM formats, and any other certificate management tools that work with these formats. For more information, see Managing Certificate Files with OpenSSL.