Keystore and Truststore

Keystores and truststores are secure files with industry-standard file formats. The keystore file stores the private keys and SSL certificates, and the truststore file stores the trusted roots for the certificates.

A keystore file contains one or more pairs of a private key and signed certificate for its corresponding public key. The keystore should be strongly protected with a password, and stored (either on the file system or elsewhere) so that it is accessible only to administrators.

The truststore file functions as a database containing all the public keys for CAs within a specified trusted directory.

To enable two-way SSL for inbound connections, you must add a valid, authorized X.509 certificate along with its private key to a keystore file, and add the certificate of the client or partner to the webMethods API Gateway truststore file. To enable two-way SSL for outbound connections, you must add the certificate of the native API to the webMethods API Gateway truststore file. These keystore and truststore files must be referenced in the HTTPS port that is used to access the webMethods API Gateway service.

webMethods API Gateway has a sample keystore that contains self-signed certificates. It is located in InstallDir\IntegrationServer\instances\default\packages\WmAPIGateway\config\resources\security. The sample self-signed certificates are specific to localhost, so IBM recommends that you do not use them to configure SSL communication with webMethods API Gateway in a production environment.
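A pre-production check for the two points above, as an added example that is not part of the product documentation: it flags a self-signed localhost certificate and shows that a client certificate is accepted only when it has been added to the truststore. It uses OpenSSL on constructed throwaway PEM certificates; the function names, file names and host names are assumptions, and a PEM bundle stands in for the truststore file.

```shell
#!/bin/sh
# Added example. All certificates are constructed throwaway samples; with a real
# keystore, export the entry to PEM first (keytool -exportcert -rfc).
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME CN: constructed self-signed certificate standing in for a keystore entry.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# is_self_signed CERT: subject equals issuer and the signature verifies with its own key.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
    openssl verify -no-CApath -CAfile "$1" "$1" >/dev/null 2>&1
}

# is_localhost_only CERT: subject CN is exactly "localhost" (SAN entries are not inspected).
is_localhost_only() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    grep -Eqi 'CN=localhost(,|$)'
}

# trusted_by TRUSTSTORE_PEM CERT: CERT verifies against the truststore's entries,
# ignoring the system CA directory.
trusted_by() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# audit CERT: report whether a keystore certificate looks like a localhost sample.
audit() {
  if is_self_signed "$1" && is_localhost_only "$1"; then
    echo "$1: self-signed localhost certificate, replace before production"
  else
    echo "$1: no sample-certificate findings"
  fi
}

make_cert sample localhost                 # mimics a self-signed localhost sample
make_cert partner partner.example.test     # constructed partner (client) certificate
make_cert stranger stranger.example.test   # constructed certificate never added to trust
cp "$WORK/partner.pem" "$WORK/truststore.pem"   # truststore holding only the partner

audit "$WORK/sample.pem"
for c in partner stranger; do
  if trusted_by "$WORK/truststore.pem" "$WORK/$c.pem"; then echo "$c: accepted"
  else echo "$c: rejected, not in truststore"; fi
done
```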

Note: Any modifications to the keystore and truststore aliases in Integration Server are not reflected in webMethods API Gateway. Hence, IBM recommends that you do not modify the aliases through the Integration Server Administrator. On migration from 10.0 to 10.1, the existing configuration in 10.0 is migrated to the webMethods API Gateway UI.