Configuring keystore and truststore information for inbound messages

webMethods API Gateway includes a list of SSL keystores and truststores. Configure webMethods API Gateway to refer to a default keystore, truststore, or both, before deploying SOAP message flows that require signature, encryption, or X.509 authentication, as configured in the Inbound Authentication-Message policy.

About this task

The default keystore and truststore are the ones that you want webMethods API Gateway to use for incoming secured messages.

Procedure

  1. Open the menu options and select Administration.
  2. Select General > Security. A list of keystores and truststores and their corresponding details is displayed.
  3. To configure webMethods API Gateway's default keystore and truststore alias for incoming secured messages, provide the following information in the Configure keystore and truststore settings section.
    Field: Description
    Keystore alias: Select a keystore that webMethods API Gateway uses for incoming message-level security. The list shows all available keystores. If you have not configured any keystore, the list is empty.
    Key alias (signing): Select the alias for the private key used to sign the outgoing response from API Gateway to the original client. This alias value validates the inbound requests to webMethods API Gateway and signs the outgoing response from webMethods API Gateway to the original client. This field is autopopulated based on the selected keystore alias. It lists all the aliases available in the chosen keystore. If there are no configured keystores, this field is empty.
    Truststore alias: The alias for the truststore that contains the list of CA certificates that webMethods API Gateway uses to validate the trust relationship with the client.
  4. Click Save.

What to do next

While securing SOAP APIs by using WS-Security policies, perform steps such as the following:

  1. Restart the server after configuring keystore and truststore information for the configuration to take effect.
  2. Deactivate APIs with the Inbound Authentication-Message policy enforced.
  3. Update the keystore and truststore configuration.
  4. Activate the APIs that were deactivated.