Use this page to specify the trust anchor configuration. These trust anchor certificates are used to validate the X.509 certificate that is embedded in the SOAP message.
Use this information to configure a trust anchor. Trust anchors point to keystores that contain trusted root or self-signed certificates. This information enables you to specify a name for the trust anchor and the information that is needed to access a keystore. The application binding uses this name to reference a predefined trust anchor definition in the binding file (or the default).
You can configure a trust anchor when you are editing a default cell or server binding. You can also configure custom bindings for tokens and message parts that are required by the policy set.
Specifies the unique name that is used by the application binding to reference a predefined trust anchor definition in the default binding.
A trust anchor specifies the keystore that contains trusted root certificates. This field displays the name for the trust anchor that is being edited. If you are creating a new trust anchor configuration, enter a unique name.
Keystore files contain public and private keys, root certificate authority (CA) certificates, the intermediate CA certificate, and so on. Keys that are retrieved from the keystore files are used to sign and validate or encrypt and decrypt messages or message parts.
Data type: String
Specifies to use a centrally managed keystore. After selecting the Centrally managed keystore option, choose one of the centrally managed keystore names from the list. Centrally managed keystores can be managed in the administrative console by clicking these links: Security > SSL certificate and key management > Key stores and certificates.
Click the radio button to enable the Name field. Select a keystore from the list.
Data type: Radio button
Default value: Unselected
Specifies a keystore using a keystore path, keystore type and keystore password. The keystore file format is determined by the keystore type. The default trust anchor in the default binding uses an external keystore.
Select the radio button to enable an external keystore.
Data type: Radio button
Default value: Selected
${USER_INSTALL_ROOT}/etc/ws-security/samples/dsig-receiver.ks
Data type: String
The type specifies the implementation for keystore management. Select a keystore type from the list provided. The selection list is returned by java.security.Security.getAlgorithms("KeyStore").
Use the password to protect the keystore. The password is used to access the named keystore and the password is also the default password that is used to store keys within the keystore.
The default trust anchor in the default binding uses an external keystore. The password for the external keystore is: server. It is recommended that you change the default password as soon as possible.
Data type: String
Default value: WebAS or cell name
Enter again the password that is used to open the keystore file or device. Entering the same password that you entered in the Password field confirms the password.
Data type: String
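The following added example (not part of the original product documentation) checks an external trust anchor keystore of the kind described above: it opens the keystore by path, type and password, warns if the password is still the documented default, and lists each trusted certificate with its validity. The class name TrustAnchorAudit and its command-line arguments are assumptions for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Added example; class name and arguments are hypothetical, not product code.
public class TrustAnchorAudit {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustAnchorAudit <keystore-path> <keystore-type>");
            System.err.println("types: " + Security.getAlgorithms("KeyStore"));
            System.exit(2);
        }
        Console console = System.console();
        char[] password = console == null ? null : console.readPassword("Keystore password: ");
        if (password == null) throw new IllegalStateException("no password read; use a terminal");
        if (Arrays.equals(password, "server".toCharArray())) {
            System.out.println("WARNING: keystore still uses the documented default password");
        }
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // throws IOException if the password is wrong
        } finally {
            Arrays.fill(password, '\0'); // do not keep the password in memory
        }
        for (String alias : Collections.list(ks.aliases())) {
            // Only certificate entries act as trust anchors; key entries are skipped.
            if (!ks.isCertificateEntry(alias)) continue;
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            String validity = "valid until " + cert.getNotAfter();
            try {
                cert.checkValidity(); // compares the validity period with the current time
            } catch (CertificateException e) {
                validity = "NOT VALID NOW (" + e.getMessage() + ")";
            }
            // Name comparison only; the signature itself is not verified here.
            boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
            boolean ca = cert.getBasicConstraints() != -1; // -1 means not marked as a CA
            System.out.printf("%s: %s%n  self-signed=%b ca=%b %s%n",
                    alias, cert.getSubjectX500Principal().getName(), selfSigned, ca, validity);
        }
    }
}
```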