Creating a truststore for the Security Verify Directory Integrator server

You must create a truststore on the SSL server to hold trusted certificates, so that clients can authenticate to the server.

About this task

A truststore is a database of public keys for target servers. The SSL truststore contains the list of signer certificates (CA certificates) that define which certificates the SSL protocol trusts. Only a certificate that is issued by one of the listed trusted signers is accepted. Skip this task if you use the same file for both the keystore and the truststore.

Procedure

  1. Navigate to the ITDI_HOME/jvm/jre/bin directory.
  2. Start the ikeyman.exe file (for Windows operating systems) or ikeyman (for UNIX and Linux operating systems).
  3. From the Key Database File menu, select New.
  4. Select JKS.
  5. Type the keystore file name.
    For example, type tdikeys.jks.
  6. Type the location.
    For example, type ITDI_HOME/keys.
    Note: Ensure that the location that you specify exists.
  7. Click OK.
  8. Type a password for the keystore. The default password is secret.
  9. Click OK.
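
A way to check the finished truststore, as an added example that is not part of the product documentation: this Python sketch parses a JKS file, lists its entries, and reports any private key entry as well as a store that still opens with the default password secret. It assumes the standard version 2 JKS layout and ASCII aliases; audit_jks, jks_digest and build_sample are hypothetical names, and the sample store is constructed with placeholder bytes.

```python
import hashlib
import struct

MAGIC, KINDS = 0xFEEDFEED, {1: "PrivateKeyEntry", 2: "trustedCertEntry"}

def jks_digest(password, body):
    # JKS integrity value: SHA-1 over the UTF-16BE password, a fixed string, then the store body
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def audit_jks(data, password="secret"):
    """Return (entries, opens_with_password, findings) for a version 2 JKS file."""
    body, stored = data[:-20], data[-20:]
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != MAGIC or version != 2:
        raise ValueError("not a version 2 JKS file")
    pos, entries = 12, []
    def field(fmt):  # read one length-prefixed field and advance past it
        nonlocal pos
        start = pos + struct.calcsize(fmt)
        pos = start + struct.unpack_from(fmt, body, pos)[0]
        if pos > len(body):
            raise ValueError("truncated entry")
        return body[start:pos]
    for _ in range(count):
        tag, alen = struct.unpack_from(">IH", body, pos)
        kind = KINDS[tag]  # KeyError on an unknown entry tag
        alias = body[pos + 6:pos + 6 + alen].decode("utf-8")
        pos += 6 + alen + 8  # tag, alias, creation timestamp
        ncerts = 1
        if tag == 1:
            field(">I")  # protected private key blob
            ncerts = struct.unpack_from(">I", body, pos)[0]
            pos += 4
        for _cert in range(ncerts):
            field(">H")  # certificate type, e.g. "X.509"
            field(">I")  # DER-encoded certificate
        entries.append((alias, kind))
    opens = jks_digest(password, body) == stored
    findings = ["private key in truststore: " + a for a, k in entries if k != "trustedCertEntry"]
    if opens and password == "secret":
        findings.append("opens with the default password")
    return entries, opens, findings

def build_sample(password, items):  # constructed input; key and certificate bytes are placeholders
    cert = struct.pack(">H", 5) + b"X.509" + struct.pack(">I", 4) + b"\x30\x02\x05\x00"
    body = struct.pack(">III", MAGIC, 2, len(items))
    for tag, alias in items:
        key = struct.pack(">I", 3) + b"key" + struct.pack(">I", 1) if tag == 1 else b""
        body += struct.pack(">IH", tag, len(alias)) + alias.encode() + bytes(8) + key + cert
    return body + jks_digest(password, body)
```

To audit a real file, pass its bytes to audit_jks, for example the contents of ITDI_HOME/keys/tdikeys.jks read in binary mode.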