Truststore configuration

An integration server can use a truststore to verify a signature or perform X.509 authentication. The truststore must be a password-protected truststore in JKS or PKCS12 format.

In an IBM® App Connect Enterprise on-premises system, the truststore is a file that the integration server references. The reference is set either with the mqsichangeproperties command or through settings in the server.conf.yaml file.

To use the truststore in an integration server in a containerized environment, you need to use a Truststore configuration type. The truststore file in the Truststore configuration type will be placed unchanged in the directory /home/aceuser/truststores in the integration server containers, with the same name as its configuration object name. For example, if you named the configuration my-truststore.jks, the truststore will be copied to /home/aceuser/truststores/my-truststore.jks. This path could then be referenced from the server.conf.yaml file that is provided as a configuration object, or from other configuration files like odbc.ini.

The truststore password is not set on this configuration object. Instead, use the setdbparms.txt configuration type to define security identities that contain the password, and then use those identities to supply the password to configuration files like server.conf.yaml.

The name of the configuration object is used as the file name of the truststore inside the integration server, so you must provide a name that is suffixed with a supported file extension; for example, name.jks. If a file extension is not included as part of the configuration name, the integration server will not recognize this configuration and error messages will be generated during the deployment.

  • If you are creating the configuration object by using the Red Hat® OpenShift® web console or CLI, you will need to run a Base64 encoder against your truststore file and use the output as the value of the spec.data parameter in the configuration custom resource. For more information, see Creating a configuration object.
  • If you are using the App Connect Dashboard, you can create the configuration object from the Configuration page or while creating the integration server, as described in Configuration types for integration servers.
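
The CLI route in the first bullet above, as an added example that is not IBM's own code: a shell function that checks the configuration name, Base64-encodes the truststore file, and prints the custom resource. The apiVersion, kind and spec.type values, the accepted extensions (.jks, .p12), the script name, and the namespace ace-demo are assumptions that this page does not state.

```shell
#!/bin/sh
# Added example. Assumed, not from the page: apiVersion, kind, spec.type,
# the .jks/.p12 extension list, and the default namespace.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the name check

# Path at which the container exposes the truststore (from the page).
truststore_path() {
    printf '/home/aceuser/truststores/%s\n' "$1"
}

# make_truststore_cr FILE [NAMESPACE] -> custom resource YAML on stdout
make_truststore_cr() {
    file=$1
    namespace=${2:-ace-demo}
    name=$(basename "$file")

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # The object name becomes the file name in the container, so it must
    # end in a supported extension or the deployment reports errors.
    case "$name" in
        *.jks|*.p12) ;;
        *) echo "'$name' lacks a supported extension (e.g. name.jks)" >&2
           return 2 ;;
    esac

    # Kubernetes object names allow only lowercase letters, digits, '-', '.'.
    case "$name" in
        *[!a-z0-9.-]*) echo "'$name' is not a valid object name" >&2
                       return 3 ;;
    esac

    # Single-line Base64; tr strips the wrapping some base64 builds add.
    # Base64 is an encoding only: the password stays out of this object and
    # is supplied through a setdbparms.txt configuration instead.
    data=$(base64 < "$file" | tr -d '\n')

    cat <<EOF
apiVersion: appconnect.ibm.com/v1beta1
kind: Configuration
metadata:
  name: $name
  namespace: $namespace
spec:
  type: truststore
  data: $data
EOF
}

# Run as: sh make-truststore-cr.sh my-truststore.jks ace-demo | oc apply -f -
[ "$#" -eq 0 ] || make_truststore_cr "$@"
```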

For more information about this configuration type, see Truststore type.