Enabling writable SAF keyrings
WebSphere® Application Server allows an administrator to perform certificate management operations on System Authorization Facility (SAF) keyrings by using the Open Cryptographic Services Facility (OCSF) Data library functions for SAF keyrings. This task migrates existing configurations and enables writable SAF keyrings.
Before you begin
Before starting this task, the wsadmin tool must be running. See the information about starting the wsadmin scripting client.
About this task
By default, if writable keyring support is enabled during profile management, the default keystore configurations are enabled for writable keyrings. Alternatively, if you are migrating from a previous WebSphere Application Server installation, you can enable writable keyrings for a keystore object using the following steps.
AdminTask can be used in interactive mode and batch mode. For automation, use the batch mode options. AdminTask batch mode can be called in a JACL or Jython script. Interactive mode steps you through all the parameters the task needs; required ones are marked with a *. Before the AdminTask runs the task, it echoes the batch mode syntax of the task to the screen. This can be helpful when writing batch mode scripts for automation.
- keyStoreName
- controlRegionUser
- servantRegionUser
The interactive mode procedure to enable writable SAF keyrings is as follows:
Procedure
Results
your_keystore_name-CR corresponds to the keyring owned by the RACF ID of the control region process and your_keystore_name-SR corresponds to the keystore owned by the RACF ID of the servant region process.
These keystores are created in the same scope as your_keystore_name and can be accessed using the administrative console from the your_keystore_name collection panel.
What to do next
- Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Key stores and certificates > [keystore].
- Under Writable SAF Keyrings, click either Control Region Keyring or Servant Region Keyring to display the keystore collection panel for either the control region keyring or servant region keyring, respectively.
- Under Additional Properties, navigate to the certificate collection panels to perform certificate management operations.