Most of the time you will want to specify a truststore; however, there may be times when you do not want to. For example, you might want to trust all certificate authorities on outbound requests and trust specific CAs on different ports for incoming requests.

For outbound requests, you can specify:

During the handshake for an outbound SSL request, Integration Server first checks for a truststore set in the service. If one is specified, Integration Server uses the specified truststore to perform the trust verification. If the service does not supply a truststore, then Integration Server uses the value specified under Truststore setting on the Server > Certificates page for truststore verification with the request. However, if the Truststore setting on the Server > Certificates page is blank, then Integration Server relies on the value of the watt.security.cert.wmChainVerifier.trustByDefault to determine if Integration Server will accept and trust any certificate it receives during the SSL handshake of an outbound request.

For inbound requests, you can specify a truststore at the Integration Server level (on the Security > Certificates page) or at the port level (on the Edit HTTPS Port Configuration page or the Edit FTPS Port Configuration page). If you omit a truststore from both the Integration Server level and the port level, Integration Server will trust no certificate authorities. If you specify a truststore at the Integration Server level and at the port level, the server uses the truststore specified at the port level for determining trust on connections being made to that port. If you specify a truststore at just the port level, the server uses the port-level setting for requests being made to the port.