To establish a secure connection between Connect:Direct, Connect:Direct Web Services and other clients, you need a Keystore and Truststore that contains necessary keys and digital certificates. IBM® Connect:Direct® Web Service, by default is installed and configured with a default Keystore/Truststore and certificates. To use a different Keystore and Truststore see, Changing Keystore/Truststore using Web Console and Changing Keystore/Truststore using a CLI procedure.
- The following software/tool are required to implement some Keystore/Truststore management
procedures described in the following sections.
An SSL/TLS toolkit and cryptographic library. Download it from here.
A Java-based tool that can be used to manage keys, certificates and certificate requests. IKEYCMD is installed with the IBM Connect:Direct Web Service installation package at /installdirectory/jre/bin.
Java Keytool is a key and certificate management utility. Keytool is installed with the IBM Connect:Direct Web Service installation package at /installdirectory/jre/bin.
- With Fixpack 7 (v188.8.131.52) release jar name has been changed to
Resetting the Keystore/Truststore/Key Certificate password and syncing with Connect:Direct Web Services
- Use the following command to manually reset the Keystore/Truststore/Key Certificate password:
Command to change Keystore/Truststore password
keytool -storepasswd -Keystore <path_of_Keystore/Truststore_with_name> Enter Keystore password: New Keystore password:Command to change Key Certificate password
keytool -keypasswd -Keystore <path_of_Keystore/Truststore_with_name> -alias <key_certificate_alias> Enter Keystore password: Enter key password for <key_certificate_alias>: New key password for <key_certificate_alias>: Re-enter new key password for <key_certificate_alias>: Password change successful for alias <key_certificate_alias>
- Go to the following path:
ChangeKeystoreTruststoreAndUpdatePassword.jarto sync the new password with CDWS.Note: Ensure that you have CDWS admin password ready and the database service is up before running the
- Depending on your environment type, issue one of the following commands:
- In Windows, stop and start MFTWebservices from the Task manager for changes to take effect.
- In UNIX, issue the following command to stop and start MFTWebServices for changes to take effect.
% ./$CDWS_INSTALLATION_DIR$/bin/stopWebservice.sh % ./$CDWS_INSTALLATION_DIR$/bin/startWebservice.sh