I have to do reverse engineering in my WM 9.7 & AIX OS infrastructure environment to understand existing key store,trust store certificate installation in WM 9.7 version.
This setup was done by old vendor and now we are new vendor for our clients so it’s very hard time to get documents and knowledge on existing system from old vendor
My requirement to understand existing setup on key store,trust store certificate
How to generate trust store,key store and SSL certificate via key tool utility present in WM 9.7?
I can see in my WM 9.7 IS console ->security → keystore alias is configured in /cert dir in AIX OS system with name xyz.jks type JKS & Provider IBMJCE
In trust store alias is configured with abc.jks type JKS & Provider IBMJCE and CA is loaded in /cacert dir
So Please check my understanding,bit confusing on this topics.
Integration Server stores its private keys and SSL certificates in keystore files?
Private key and SSL certificate will be generated by WM team using keytool?
Public key and CA certificate will stored in truststore files?
Public key and CA certificate will be provide by client?
Now,
Let say if i have CA certificate,Public certificate provide by client so by looking at this CA and cert Info how to generate trust store in JKS format and private certificate for this particular client via key tool ?
My requirement in WM is How to create trust store in JKS format and certificate via key tool and what all those commands ? And I want generated Trust store and certificate will be Sync with that particular client so that to/fro communication can happen.
In Keystore list Alias:-
Alias Name : A
File Name xyz.jks uploaded in /cert dir in AIX OS system where WM is installed
Keystore properties Type JKS Provider IBMJCE
Configured Key Alias abc_2104(only 1)
In Trust store list Alias:-
Alias B
Type JKS Provider IBMJCE
File Name abc.jks uploaded in /cert dir(same dir structure as Alias A) in AIX OS
certificate alias : Here i can see so many alias etc 10-12 alias is present
Questions : How to edit JKS or configure abc.jks via keytool if any new certificate or ca has to load ?
what will happen to existing abc.jks file?
Alias C
Type JKS Provider IBMJCE
File Name 123.jks uploaded in /cacert dir in AIX OS
certificate alias : Here i can see so many alias etc 30-35 alias is present
Questions : Do i need to load new CA cert here as well ?
Thanks for document,I run through and found that all configuration is exit.
We use to place certificate dot cer and JKS file in our Trust store dir /cert and cert as well.
So,
My question is how to generate/edit this JKS trust store format via key tool and what is cmd for same?
In my previously thread i have mention details there are existing truststore.jks file which has binding with several certificate alias so IF i want to EDIT JKS file how to do that via keytool
When we generate/edit JKS trust store file how to bind that with existing certificate alias so that there is no impact, as u can see existing JKS file is binding with other certificate alias.
Even we are placing .CER file in same directory
How to do that and what will happen to existing one JKS file in trust store?
This thread help but i feel i didn’t put much efforts to google this knowledge base instead of that i solely depend on this sag forum any way thanks for knowledge sharing.