Configuring Keystore and Truststore Information
API Gateway includes a list of SSL keystores and truststores.
You might want to configure API Gateway to refer to a default keystore, truststore, or both, before deploying any SOAP message flows that require signature, encryption, X.509 authentication, and so on, as configured in the Inbound Authentication - Message policy. The default keystore and truststore are the ones that you want API Gateway to use for incoming secured messages.
To configure keystore and truststore information
1. Expand the menu options icon in the title bar, and select Administration.
2. Select General > Security.
A list of the existing keystores and truststores, both those loaded during 10.1 first startup and those created in API Gateway, is displayed with the corresponding details.
3. Provide the following information in the Configure keystore and truststore settings section:
Field | Description |
Keystore alias | Select a keystore that API Gateway uses for incoming message-level security. Lists all available keystores. If you have not configured an Integration Server keystore, the list is empty. |
Key alias (signing) | Select the alias for the private key to sign the outgoing response from API Gateway to the original client. This alias value validates the inbound requests to API Gateway and signs the outgoing response from API Gateway to the original client. It is auto-populated based on the keystore selected. This field lists all the aliases available in the chosen keystore. If there are no configured keystores, this field is empty. |
Truststore alias | Select a truststore that establishes the HTTPS connection to the client application. It contains public certificates that are trusted by API Gateway. |
4. Click Save.
Note: While securing the SOAP APIs using WS-Security policies, you have to perform the following: restart the server after configuring keystore and truststore information for the configuration to take effect. This is not required for REST APIs.
1. Deactivate the APIs that have Inbound Authentication - Message policy enforced.
2. Update the keystore and truststore configuration.
3. Activate the APIs that were deactivated.