For this setting | Specify |
Alias | A text identifier for the keystore file. The keystore contains the private keys and certificates (including the associated public keys) for an Integration Server, partner application, or Integration Server component. |
Description | Optional. A text description for the keystore alias. |
Type | The certificate file format of the keystore file, which by default is JKS for keystores. You can also use PKCS12 format for a keystore. Other keystore types can be made available by: Loading additional security providers. Setting the watt.security.keyStore.supportedTypes server configuration parameter. |
Provider | The provider that is used for the keystore or truststore type. The default provider is the one shipped with the JVM, which can be Oracle, IBM, or others. Note: When the keystore type is PKCS12, the provider “BC” is short for Bouncy Castle. Generally, you should specify a provider only if your HSM device is not supported by the default provider. You can configure a different provider to support keystore types other than the default. Integration Server supports both PKCS12 and JKS for keystores, but only supports JKS for truststores. |
Location | Path location of the keystore file on the server. You can specify the full-path name, or a relative path in relation to the Integration Server. |
Password / Re-type Password | Password for the saved keystore file associated with this alias. If the keystore requires a password, the password must have been defined at keystore creation time using a keystore utility. Once you create the keystore alias, the keystore password is automatically saved as an Integration Server outbound password. Make sure you have the keystore password available when managing its corresponding keystore alias. If the keystore does not require a password, leave the fields empty. |
HSM-based Keystore | Indicates whether the keystore file is stored on a Hardware Security Module (HSM) device. Only nCipher hardware card modules are currently supported. If you select this option, no path is specified in the Location field. |
For this setting | Specify |
Password / Re-type Password | Password for each alias found in the keystore. Most aliases require a password. If Integration Server needs to use this alias for any reason, you must provide its password. |
Null | Indicates that no password is required for the alias. Select this for an alias in the keystore that is not secured with a password. |