Creating Truststore Aliases
The following procedure shows how to assign aliases to truststore files.
To create an alias for a truststore file:
1. Open the Integration Server Administrator if it is not already open.
2. Go to Security > Keystore.
3. Click Create Truststore Alias.
4. Enter the Truststore Properties settings as follows:
* Alias: A text identifier for the truststore file. The truststore contains the trusted CA certificates for an Integration Server, partner application, or Integration Server component.
* Description: Optional. A text description for the truststore alias.
* Type: The certificate file format of the truststore, which by default is JKS. Other truststore types can be made available by:
    * Loading additional security providers.
    * Setting the watt.security.trustStore.supportedTypes server configuration property.
* Provider: The provider that is used for the truststore type. The default provider is the one shipped with the JVM, which can be Oracle, IBM, or others. Specify a provider only if your HSM device is not supported by the default provider. You can configure a different provider to support keystore types other than the default (JKS); however, Software AG does not provide support for their use.
* Location: Path location of the truststore file on the server. You can specify the full path name, or a path relative to the Integration Server.
* Password / Re-type Password: Supplied password that is used to protect the contents of the truststore. This password must have been defined at truststore creation time using a keystore utility. Once you create the truststore alias, its password is automatically saved as an Integration Server outbound password. Make sure you have the truststore password available when managing its corresponding truststore alias.
* Secondary Truststore: Alias of the truststore to be used as a secondary truststore. The secondary truststore acts as an extension of the primary truststore (i.e., the truststore for which this alias is being created).
    For example, suppose that you are creating a truststore alias named "CompanyTruststore" that contains all of your organization's private CA certificates. If you want to include the trusted CA certificates from the DEFAULT_JVM_TRUSTSTORE in the trust verification, set the DEFAULT_JVM_TRUSTSTORE as the secondary truststore. When performing trust verification, Integration Server first checks the "CompanyTruststore" for an issuer. If there is no match, Integration Server checks the secondary truststore. In this example, by using a secondary truststore, you can separate out private certificates from public certificates but still include both in the trust verification.
    Note: DEFAULT_JVM_TRUSTSTORE is the truststore alias for the JVM truststore.
5. Click Save Changes.
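
Before entering Location, Type, and Password in step 4, the truststore file can be checked from the command line on the server. The following is an added example, not part of the Software AG documentation; it assumes the JDK keytool utility is on PATH and uses a hypothetical environment variable, TRUSTSTORE_PASS, to hold the truststore password.

```shell
#!/bin/sh
# Added example (not vendor code): check a truststore before registering its alias.
# Assumes the JDK's keytool is on PATH and the truststore password is exported
# in TRUSTSTORE_PASS (hypothetical variable name), keeping it off the command line.

# check_truststore PATH [TYPE]
# Returns 0 = usable, 2 = file, password or keytool missing,
#         3 = keytool cannot open the store (wrong password, type or corrupt file),
#         4 = no trusted CA certificate entries, 5 = store also holds private keys.
check_truststore() {
    ts_path=$1
    ts_type=${2:-JKS}            # JKS is the default Type for a truststore alias

    if [ ! -r "$ts_path" ]; then
        echo "truststore not readable: $ts_path" >&2; return 2
    fi
    if [ -z "${TRUSTSTORE_PASS:-}" ]; then
        echo "TRUSTSTORE_PASS is not set" >&2; return 2
    fi
    if ! command -v keytool >/dev/null 2>&1; then
        echo "keytool not found on PATH" >&2; return 2
    fi

    # -storepass:env tells keytool to read the password from the named variable.
    if ! listing=$(keytool -list -keystore "$ts_path" -storetype "$ts_type" \
            -storepass:env TRUSTSTORE_PASS 2>/dev/null); then
        echo "cannot open $ts_path as $ts_type with the supplied password" >&2
        return 3
    fi

    # Count entry types in the listing; grep -c exits 1 on zero matches.
    ca_count=$(printf '%s\n' "$listing" | grep -c 'trustedCertEntry' || true)
    key_count=$(printf '%s\n' "$listing" | grep -c 'PrivateKeyEntry' || true)

    if [ "$ca_count" -eq 0 ]; then
        echo "no trusted CA certificates in $ts_path" >&2; return 4
    fi
    if [ "$key_count" -gt 0 ]; then
        echo "$ts_path holds $key_count private key(s); keep keys in a keystore" >&2
        return 5
    fi
    echo "$ts_path: $ca_count trusted CA certificate(s), opens with supplied password"
    return 0
}
```

A return value of 0 means the path, type, and password you are about to enter open the file and that it contains at least one trusted CA certificate and no private keys.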