Integration Server Administrator's Guide : Securing Communications with the Server : Keystores and Truststores : Keystore, Truststore, and Key Aliases : Creating Keystore Aliases
Creating Keystore Aliases
The following procedures shows how to assign aliases to keystore files that you have created with the Oracle Java keytool or with another third-party certificate tool.
To create an alias for a keystore file
1. Open the Integration Server Administrator if it is not already open.
2. In the Security menu of the Navigation panel, click Keystore.
3. Click Create Keystore Alias.
4. Enter the Keystore Properties settings as follows:
For this setting
Specify or select...
Alias
A text identifier for the keystore file.
The keystore contains the private keys and certificates (including the associated public keys) for an Integration Server, partner application, or Integration Server component.
Description
Optional. A text description for the keystore alias.
Type
The certificate file format of the keystore file, which by default is JKS for keystores. You can also use PKCS12 format for a keystore.
Other keystore types can be made available by:
*Loading additional security providers.
*Setting the watt.security.keyStore.supportedTypes server configuration parameter.
Provider
The provider that is used for the keystore or truststore type. The default provider is the one shipped with the JVM, which can be Oracle, IBM, or others.
Generally, you should specify a provider only if your HSM device is not supported by the default provider.
You can configure a different provider to support keystore types other than the default. Integration Server supports both PKCS12 and JKS for keystores, but only supports JKS for truststores.
Location
Path location of the keystore file on the server.
You can specify the full-path name, or a relative path in relation to the Integration Server.
Password / Re-type Password
Password for the saved keystore file associated with this alias.
If the keystore requires a password, the password must have been defined at keystore creation time using a keystore utility. Once you create the keystore alias, the keystore password is automatically saved as an Integration Server outbound password.
Make sure you have the keystore password available when managing its corresponding keystore alias. If the keystore does not require a password, leave the fields empty.
HSM-based Keystore
Indicates whether the keystore file is stored on a Hardware Security Module (HSM) device. Only nCipher hardware card modules are currently supported.
If you select this option, no path is specified in the Location field.
5. Click Submit.
6. Enter the Key Aliases settings as follows:
For this setting...
Specify or select...
Password / Re-type Password
Password for each alias found in the keystore.
Most aliases require a password. If Integration Server needs to use this alias for any reason, you must provide its password.
Null
Indicates that no password is required for the alias.
Select this for an alias in the keystore that is not secured with a password.
7. Click Save Changes.
Copyright © 2017 Software AG, Darmstadt, Germany. (Innovation Release)

Product LogoContact Support   |   Community   |   Feedback