To use external key management for your FileNet® P8 system, you add a trust store and a key store to the WebSphere Application Server.
Before you begin
This process assumes that you have already configured WebSphere Application
Server to use with your Content Platform Engine environment. Review the
requirements in Configuring WebSphere for Content Platform Engine to ensure that your
application server is set up properly before you continue with these steps.
Procedure
To configure WebSphere Application Server for external key management:
- In the WebSphere Application Server administration console, expand the Security node in the navigation pane, and click SSL certificate and key management.
- In the Related items list, click Key stores and certificates.
- Click New to create the key store profile. Provide the following details:
  - Name: kmipKeyStore
  - Description: Keystore for the key management service
  - Management scope: Set to the location where the Content Platform Engine server will be deployed.
  - Path: Set to the location of the keystore, cpeKeyStore.jceks, that you set up as part of the SSL authentication configuration.
  - Type: Set to JCEKS.

  Apply your changes.
- In the Key stores and certificates page, click New again to create the key management trust store profile. Provide the following details:
  - Name: kmipTrustStore
  - Description: Trust store for the key management service
  - Management scope: Set to the location where the Content Platform Engine server will be deployed.
  - Path: Set to the location of the trust store, cpeTrustStore, that you set up as part of the SSL authentication configuration.
  - Type: Set to JCEKS.

  Apply your changes.
- Apply your changes and save the configuration.
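Both profiles above set Type to JCEKS, so it is worth confirming that each file really is a JCEKS store before entering its path. The following check is an added example, not part of the original procedure; it assumes the standard Java JKS/JCEKS on-disk layout, and the names `inspect_keystore`, `matches_profile` and `SAMPLE` are hypothetical.

```python
import struct

# JCEKS and JKS share one binary layout and differ in the magic; PKCS#12 is DER (first byte 0x30).
MAGIC = {0xCECECECE: "JCEKS", 0xFEEDFEED: "JKS"}
KIND = {1: "private key", 2: "trusted certificate", 3: "secret key"}
# Constructed sample: JCEKS v2 store with one trusted-certificate entry (dummy bytes, not a real cert).
SAMPLE = (struct.pack(">III", 0xCECECECE, 2, 1) + struct.pack(">IH", 2, 7) + b"kmip-ca"
          + struct.pack(">QH", 0, 5) + b"X.509" + struct.pack(">I", 4) + bytes(4) + bytes(20))

def inspect_keystore(data):
    """Return (store_type, [(entry_kind, alias), ...]); no store password is needed."""
    if len(data) < 12:
        raise ValueError("too short to be a Java keystore")
    magic, version, count = struct.unpack_from(">III", data, 0)
    if magic not in MAGIC:
        return ("PKCS12 or other DER" if data[0] == 0x30 else "unknown"), []
    pos, entries = 12, []

    def take(fmt):                      # read one big-endian field and advance
        nonlocal pos
        (value,) = struct.unpack_from(fmt, data, pos)
        pos += struct.calcsize(fmt)
        return value
    def skip(fmt, present=True):        # skip a length-prefixed field
        nonlocal pos
        if present:
            length = take(fmt)
            pos += length

    for _ in range(count):
        tag, alias_len = take(">I"), take(">H")
        alias = data[pos:pos + alias_len].decode("utf-8", "replace")
        pos += alias_len + 8            # alias bytes, then the 8-byte creation time
        entries.append((KIND.get(tag, "tag %d" % tag), alias))
        if tag == 1:                    # encrypted key, then its certificate chain
            skip(">I")
            for _ in range(take(">I")):
                skip(">H", version == 2)    # version 2 names the certificate type
                skip(">I")
        elif tag == 2:
            skip(">H", version == 2)
            skip(">I")
        else:                           # secret keys are serialized Java objects: stop walking
            break
    return MAGIC[magic], entries

def matches_profile(data, configured_type="JCEKS"):
    """True when the file's real format equals the Type entered in the WebSphere profile."""
    return inspect_keystore(data)[0] == configured_type
```

Pass the bytes of each store file (read in binary mode) to `matches_profile` before creating the profile; a truncated file raises `struct.error`.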