Configuring Keystore and Truststore Information for Inbound Messages
You might want to configure API Gateway to refer to a default keystore, truststore, or both, before deploying any SOAP message flows that require signature, encryption, X.509 authentication, and so on, as configured in the Inbound Auth - Message policy. The default keystore and truststore are the ones that API Gateway uses for incoming secured messages.
To configure keystore and truststore settings for inbound messages
1. Expand the menu options icon in the title bar, and select Administration.
2. Select Security > Keystore/Truststore.
A list appears showing the keystores and truststores that were loaded during startup and those created in API Gateway, along with their corresponding details.
3. To configure API Gateway's default keystore and truststore alias for incoming secured messages, provide the following information in the Configure keystore and truststore settings for inbound messages section:
| Field | Description |
| --- | --- |
| Keystore alias | Select a keystore that API Gateway uses for incoming message-level security. Lists all available keystores. If you have not configured any keystore, the list is empty. |
| Key alias (signing) | Select the alias for the private key to sign the outgoing response from API Gateway to the original client. This alias value validates the inbound requests to API Gateway and signs the outgoing response from API Gateway to the original client. This field is auto-populated based on the selected keystore alias. It lists all the aliases available in the chosen keystore. If there are no configured keystores, this field is empty. |
| Truststore alias | The alias for the truststore that contains the list of CA certificates that API Gateway uses to validate the trust relationship with the client. |
4. Click Save.
Post-requisites
While securing the SOAP APIs using WS-Security policies, perform the following:
1. Restart the server after configuring keystore and truststore information for the configuration to take effect.
2. Deactivate the APIs that have Inbound Auth - Message policy enforced.
3. Update the keystore and truststore configuration.
4. Activate the APIs that were deactivated.