Configuring Java CAPS for SSL Support - KeyStores and TrustStores

Configuring Java CAPS for SSL Support

• Previous: SSL and Adapters
• Next: Generating a KeyStore and TrustStore

KeyStores and TrustStores

The JSSE makes use of files called KeyStores and TrustStores. The KeyStore is used by the adapter for client authentication, while the TrustStore is used to authenticate a server in SSL authentication.

• A KeyStore consists of a database containing a private key and an associated certificate, or an associated certificate chain. The certificate chain consists of the client certificate and one or more certification authority (CA) certificates.

• A TrustStore contains only the certificates trusted by the client (a “trust” store). These certificates are CA root certificates, that is, self-signed certificates. The installation of the Logical Host includes a TrustStore file named cacerts.jks in the location:

  
  

  <c:\JavaCAPS>\appserver\domains\<MyDomain>\config

  where <c:\JavaCAPS> is the directory where Java CAPS is installed and <MyDomain> is the name of your domain. This file is recommended as the TrustStore for the Sun Adapters.

Both KeyStores and TrustStores are managed by means of a utility called keytool, which is a part of the Java SDK installation.

• Previous: SSL and Adapters
• Next: Generating a KeyStore and TrustStore

• © 2010, Oracle Corporation and/or its affiliates