Configuring certificates using PKI and SSL
This topic describes how to configure certificates for PKI and SSL.
IBM® Security Verify Directory Integrator provides separate configuration options for the certificates used for public key infrastructure (PKI) encryption and for Secure Sockets Layer (SSL) connections. Because PKI and SSL certificates are configured independently, you can migrate your encrypted properties separately from the process of upgrading your SSL certificates.
Under PKI, a Certificate Authority (CA) binds public keys to user identities. The user identity must be unique for each CA. For each user, a public key certificate collects the user identity, the public key, their binding, validity conditions, and other attributes, which are made unforgeable in the public key certificates issued by the CA.
The certificates used for SSL may expire, or SSL certificates may have to be refreshed frequently for security reasons. Certificates used for PKI encryption can be kept longer than it is appropriate to keep SSL certificates. PKI certificates should be maintained in case there is data that has been encrypted using the public key certificate. As a result, IBM® Security Verify Directory Integrator allows you to configure PKI and SSL certificates separately. Each server for an SSL connection and each client performing PKI authentication must issue a request for a certificate to the local CA, and must add the resulting certificate to its keystore.
These properties are added to the global.properties file:
com.ibm.di.server.encryption.keystore
com.ibm.di.server.encryption.key.alias
These properties are set to the same values as the following properties already in global.properties:
api.keystore=truststore
api.key.alias=server
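Because the encryption properties start out with the same values as the SSL ones, it helps to check whether they still share a key entry before an SSL certificate is replaced. The following check is an added example, not IBM code; its minimal properties parser, the sample file contents and the alias "pki-enc" are assumptions made for illustration.

```python
# Property names as listed on this page.
ENC = ("com.ibm.di.server.encryption.keystore",
       "com.ibm.di.server.encryption.key.alias")
SSL = ("api.keystore", "api.key.alias")


def parse_properties(text):
    """Minimal Java-properties parser: '#'/'!' comments, '=' or ':' separators,
    trailing-backslash continuation. Escape sequences are not decoded."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props


def audit(text):
    """Return findings on how the PKI encryption key relates to the SSL key."""
    p = parse_properties(text)
    missing = [f"missing: {name}" for name in ENC if not p.get(name)]
    if missing:
        return missing
    if all(p[e] == p.get(s) for e, s in zip(ENC, SSL)):
        return ["shared: PKI encryption and SSL use the same keystore and "
                "alias, so replacing that key entry for SSL also replaces "
                "the encryption key"]
    return []


# Constructed sample input; "pki-enc" is a hypothetical alias.
SAMPLE_SHARED = """\
# SSL settings
api.keystore=truststore
api.key.alias=server
com.ibm.di.server.encryption.keystore=truststore
com.ibm.di.server.encryption.key.alias=server
"""
SAMPLE_SPLIT = SAMPLE_SHARED.replace(
    "encryption.key.alias=server", "encryption.key.alias=pki-enc")
```

An empty result from audit() means the encryption key is configured and no longer points at the same keystore and alias as the SSL key.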