Keystore File Formats
Before creating a keystore file to store a certificate, you need to know which file format to use.
You can use the PKCS#12 certificate format for the keystore for any
Broker component: the
Broker Server, the
Broker admin component, or a client.
PKCS#12 is a commonly used, standardized, certificate file format that provides a high degree of portability.
You can use PEM (Privacy Enhanced Mail) format for the keystore for the
Broker Server. You cannot use this format for the keystore for the
Broker admin component or a client.
PEM is a base-64 encoded data format used for text-based communications; it provides the ability to encrypt the data before encoding it.
Note:
Previous versions of
webMethods Broker (version 6.5.2 and earlier) use the Spyrus certificate file format for keystores. The Spyrus format is not compatible with the keystore formats used in this version of
Broker. For information about how to upgrade version 6.5.2 and earlier
Broker keystores to keystores for the current version of
Broker, see
Converting Certificate Files.
OpenSSL, the open-source implementation of SSL that
Broker uses, provides its own set of certificate management tools. These tools are supplied with
Broker. You can use the OpenSSL command-line tool to manage keystores in the PKCS#12 and PEM formats, and any other certificate management tools that work with these formats. For more information, see
Managing Certificate Files with
OpenSSL.