Creating the client truststore
The client truststore is a single file in the location of your choice that contains the IBM® MFA server certificate authority (CA) public certificate. You must create this truststore so that the client trusts the server.
About this task
The server CA public certificate must be in the Privacy Enhanced Mail (PEM) format.
Note: The process to obtain the server CA public certificate varies by vendor and application. This
procedure assumes that you are using a public certificate authority. It is strongly recommended that
you use a certificate issued by a well-known certificate authority. When ordering server
certificates to use with IBM MFA, ensure that you specify
Subject Alternate Names that cover all names that a user might enter in the browser to access the
server.
Optional: Creating test root and server certificates describes the optional case of creating your own certificate authority (CA) root certificate if needed for testing purposes.
To create the truststore, complete the following steps on the IBM MFA server system: