For this setting | Specify |
Alias | A text identifier for the truststore file. The truststore contains the trusted CA certificates for an Integration Server, partner application, or Integration Server component. |
Description | Optional. A text description for the truststore alias. |
Type | The certificate file format of the truststore, which by default is JKS. Other truststore types can be made available by: Loading additional security providers. Setting the watt.security.trustStore.supportedTypes server configuration property. |
Provider | The provider that is used for the truststore type. The default provider is the one shipped with the JVM, which can be Oracle, IBM, or others. Specify a provider only if your HSM device is not supported by the default provider. You can configure a different provider to support keystore types other than the default (JKS); however, Software AG does not provide support for their use. |
Location | Path location of the truststore file on the server. You can specify the full-path name, or a relative path in relation to the Integration Server. |
Password / Re-type Password | Supplied password that is used to protect the contents of the truststore. This password must have been defined at truststore creation time using a keystore utility. Once you create the truststore alias, its password is automatically saved as an Integration Server outbound password. Make sure you have the truststore password available when managing its corresponding truststore alias. |
Secondary Truststore | Alias of the truststore to be used as a secondary truststore. The secondary truststore acts an extension of the primary truststore (i.e., the truststore for which this alias is being created). For example, suppose that you are creating a truststore alias named "CompanyTruststore" that contains all of your organization's private CA certificates. If you want to include the trusted CA certificates from the DEFAULT_JVM_TRUSTSTORE in the trust verification, set the DEFAULT_JVM_TRUSTSTORE as the secondary truststore. When preforming trust verification, Integration Server first checks the "CompanyTruststore" for an issuer. If there is no match, Integration Server checks the secondary truststore. In this example, by using a secondary truststore, you can separate out private certificates from public certificates but still include both in the trust verification. Note: DEFAULT_JVM_TRUSTSTORE is the truststore alias for the JVM truststore. |