Configuring Keystore and Truststore Information for Inbound Messages

Edit online

About this task

You might want to configure webMethods API Gateway to refer to a default keystore, truststore, or both, before deploying any SOAP message flows that require signature, encryption, X.509 authentication, and so on, as configured in the Inbound Auth - Message policy. The default keystore and truststore are that you want webMethods API Gateway to use for the incoming secured messages.

To configure keystore and truststore settings for inbound messages

Procedure

  1. Expand the menu options icon , in the title bar, and select Administration.
  2. Select Security > Keystore/Truststore.
    A list of existing keystores and truststores loaded during startup, and those created in webMethods API Gateway and the corresponding details appears.
  3. To configure API Gateway's default keystore and truststore alias for incoming secured messages, provide the following information in the Configure keystore and truststore settings for inbound messages section:
    Field Description
    Keystore alias Select a keystore that webMethods API Gateway uses for incoming message-level security.

    Lists all available keystores. If you have not configured any keystore, the list is empty.

    Key alias (signing) Select the alias for the private key to sign the outgoing response from webMethods API Gateway to the original client.

    This alias value validates the inbound requests to webMethods API Gateway and signs the outgoing response from webMethods API Gateway to the original client. This field is auto-populated based on the selected keystore alias. It lists all the aliases available in the chosen keystore. If there are no configured keystores, this field is empty.

    Truststore alias The alias for the truststore that contains the list of CA certificates that webMethods API Gateway uses to validate the trust relationship with the client.
  4. Click Save.

What to do next

Post-requisites

While securing the SOAP APIs using WS-Security policies, perform the following:

  1. Restart the server after configuring keystore and truststore information for the configuration to take effect.
  2. Deactivate the APIs that have Inbound Auth - Message policy enforced.
  3. Update the keystore and truststore configuration.
  4. Activate the APIs that were deactivated.