Configuring WebSphere Application Server for centralized key management

To use external key management for your FileNet® P8 system, you add a trust store and a key store to the WebSphere Application Server.

Before you begin

This process assumes that you have already configured WebSphere Application Server for use with your Content Platform Engine environment. Review the requirements in Configuring WebSphere for Content Platform Engine to ensure that your application server is set up properly before you continue with these steps.

Procedure

To configure WebSphere Application Server for external key management:

  1. In the WebSphere Application Server administration console, expand the Security node in the navigation pane, and click SSL certificate and key management.
  2. In the Related items list, click Key stores and certificates.
  3. Click New to create the key store profile.
    Provide the following details:
    • Name: kmipKeyStore
    • Description: Keystore for the key management service
    • Management scope: Set to the location where the Content Platform Engine server will be deployed.
    • Path: Set to the location of the keystore, cpeKeyStore.jceks, that you set up as part of the SSL authentication configuration.
    • Type: Set to JCEKS.
    Apply your changes.
  4. In the Key stores and certificates page, click New again to create the key management trust store profile.
    Provide the following details:
    • Name: kmipTrustStore
    • Description: Trust store for the key management service
    • Management scope: Set to the location where the Content Platform Engine server will be deployed.
    • Path: Set to the location of the trust store, cpeTrustStore, that you set up as part of the SSL authentication configuration.
    • Type: Set to JCEKS.
    Apply your changes.
  5. Apply your changes and save the configuration.
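
Before entering the Path and Type values in steps 3 and 4, you can confirm that each file really is a JCEKS store and is not readable by other accounts. The following script is an added example, not part of the product documentation; it reads only the unencrypted 12-byte file header, so no keystore password is needed. The function names are hypothetical, and the permission check assumes a POSIX file system.

```python
import os
import stat
import struct
import sys

# First four bytes (big-endian) of the Java keystore file formats.
MAGIC = {0xCECECECE: "JCEKS", 0xFEEDFEED: "JKS"}

def inspect_keystore(path):
    """Read the keystore header: format, version, entry count, file permissions."""
    with open(path, "rb") as f:
        header = f.read(12)
    if len(header) < 12:
        raise ValueError("file too short to be a JKS/JCEKS keystore")
    magic, version, count = struct.unpack(">III", header)
    fmt = MAGIC.get(magic)
    if fmt is None:
        # PKCS#12 and other DER files start with an ASN.1 SEQUENCE tag (0x30).
        fmt = "PKCS12-or-DER" if header[0] == 0x30 else "unknown"
        version = count = None
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"format": fmt, "version": version, "entries": count,
            "group_or_other_access": bool(mode & 0o077)}

def preflight(path, expected="JCEKS"):
    """Return the problems to fix before registering the file with Type = expected."""
    info = inspect_keystore(path)
    problems = []
    if info["format"] != expected:
        problems.append("format is %s, not %s" % (info["format"], expected))
    elif info["entries"] == 0:
        problems.append("keystore contains no entries")
    if info["group_or_other_access"]:
        problems.append("file is accessible to group or other users")
    return problems

if __name__ == "__main__":
    # Usage: python check_keystore.py /path/to/cpeKeyStore.jceks /path/to/cpeTrustStore
    for p in sys.argv[1:]:
        issues = preflight(p)
        print(p, "OK" if not issues else "; ".join(issues))
```

A format mismatch here means the Type field in the console would not match the file, for example a JKS or PKCS12 store saved under a .jceks name.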