Creating Keystore Aliases
After you have created keystore files with the Oracle Java keytool or with another third-party certificate tool, you assign an alias to the keystore.
Note:
When creating a keystore alias for a PKCS12 type keystore in version 10.7, Integration Server lists BC (Bouncy Castle) and OpenJSSE as possible providers for the keystore. In versions of Integration Server prior to 10.7, Integration Server listed SunJSSE as a possible provider for a PKCS12 type keystore. However, when using OpenJSSE, the SSL provider named SunJSSE is not available. During migration to Integration Server 10.7 that uses OpenJSSE, the migration utility changes existing keystores that used SunJSSE as the provider to use BC (Bouncy Castle).
To create an alias for a keystore file:
1. Open the Integration Server Administrator if it is not already open.
2. Go to Security > Keystore.
3. Click Create Keystore Alias.
4. Enter the Keystore Properties settings as follows:
   For each setting, specify:

   Alias
      A text identifier for the keystore file.
      The keystore contains the private keys and certificates (including the associated public keys) for an Integration Server, partner application, or Integration Server component.

   Description
      Optional. A text description for the keystore alias.

   Type
      The certificate file format of the keystore file, which by default is JKS for keystores. You can also use PKCS12 format for a keystore.
      Other keystore types can be made available by:
      * Loading additional security providers.
      * Setting the watt.security.keyStore.supportedTypes server configuration parameter.

   Provider
      The provider that is used for the keystore or truststore type. The default provider is the one shipped with the JVM, which can be Oracle, IBM, or others.
      Note:
      When the keystore type is PKCS12, the provider “BC” is short for Bouncy Castle.
      Generally, you should specify a provider only if your HSM device is not supported by the default provider.
      You can configure a different provider to support keystore types other than the default. Integration Server supports both PKCS12 and JKS for keystores, but only supports JKS for truststores.

   Location
      Path location of the keystore file on the server.
      You can specify the full path name, or a path relative to the Integration Server.

   Password / Re-type Password
      Password for the saved keystore file associated with this alias.
      If the keystore requires a password, the password must have been defined at keystore creation time using a keystore utility. Once you create the keystore alias, the keystore password is automatically saved as an Integration Server outbound password.
      Make sure you have the keystore password available when managing its corresponding keystore alias. If the keystore does not require a password, leave the fields empty.

   HSM-based Keystore
      Indicates whether the keystore file is stored on a Hardware Security Module (HSM) device. Only nCipher hardware card modules are currently supported.
      If you select this option, no path is specified in the Location field.
5. Click Submit.
6. Enter the Key Aliases settings as follows:
   For each setting, specify:

   Password / Re-type Password
      Password for each alias found in the keystore.
      Most aliases require a password. If Integration Server needs to use this alias for any reason, you must provide its password.

   Null
      Indicates that no password is required for the alias.
      Select this for an alias in the keystore that is not secured with a password.
7. Click Save Changes.
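
The Type, Password and Key Aliases values requested in steps 4 and 6 can be confirmed from the command line before the alias is created. The following is an added example, not part of the Software AG documentation: it uses the JDK keytool, and the function names, file name, alias, distinguished name and password are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-check a keystore file before creating its alias.
# The keystore password is read from the KS_PASS environment variable
# (keytool's -storepass:env form) so it never appears in the process list.

# Create a throwaway PKCS12 keystore holding one self-signed RSA key pair.
# usage: make_demo_keystore FILE ALIAS
make_demo_keystore() {
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 \
        -dname "CN=is-demo.example.test" -validity 30 \
        -storetype PKCS12 -keystore "$1" \
        -storepass:env KS_PASS </dev/null >/dev/null 2>&1
}

# Succeed only if FILE opens as TYPE with the password held in KS_PASS.
# A failure here means the Type or Password entered in step 4 would be wrong.
# usage: keystore_opens FILE TYPE
keystore_opens() {
    keytool -list -keystore "$1" -storetype "$2" \
        -storepass:env KS_PASS </dev/null >/dev/null 2>&1
}

# Print the aliases that hold a private key, one per line. These are the
# entries for which step 6 asks for a password (or Null).
# usage: private_key_aliases FILE TYPE
private_key_aliases() {
    keytool -list -keystore "$1" -storetype "$2" \
        -storepass:env KS_PASS </dev/null 2>/dev/null |
        awk -F, '/PrivateKeyEntry/ { print $1 }'
}
```

With KS_PASS exported in the shell, calling private_key_aliases with the keystore path and type lists the key aliases to have passwords ready for in step 6.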