keystore,trust store certificate via keytool

Hi Forum Member,

I have to do reverse engineering in my WM 9.7 & AIX OS infrastructure environment to understand existing key store,trust store certificate installation in WM 9.7 version.
This setup was done by old vendor and now we are new vendor for our clients so it’s very hard time to get documents and knowledge on existing system from old vendor

My requirement to understand existing setup on key store,trust store certificate

  1. How to generate trust store,key store and SSL certificate via key tool utility present in WM 9.7?

I can see in my WM 9.7 IS console ->security --> keystore alias is configured in /cert dir in AIX OS system with name xyz.jks type JKS & Provider IBMJCE
In trust store alias is configured with abc.jks type JKS & Provider IBMJCE and CA is loaded in /cacert dir

So Please check my understanding,bit confusing on this topics.

  1. Integration Server stores its private keys and SSL certificates in keystore files?
  2. Private key and SSL certificate will be generated by WM team using keytool?
  3. Public key and CA certificate will stored in truststore files?
  4. Public key and CA certificate will be provide by client?

Now,

Let say if i have CA certificate,Public certificate provide by client so by looking at this CA and cert Info how to generate trust store in JKS format and private certificate for this particular client via key tool ?

My requirement in WM is How to create trust store in JKS format and certificate via key tool and what all those commands ? And I want generated Trust store and certificate will be Sync with that particular client so that to/fro communication can happen.

Awaited Response.

So can you tell me while I logged into WM IS console Security --> Key store

In Keystore list Alias

  1. location /cert dir Do I need to uploaded private key and SSL certificate generated by me vai key tool ?

In Trust store Alias

  1. location /cert dir Do I need to uploaded Trust store in JKS format and how to generate this vai key tool ?
  2. location /cacerts dir Do i need to uploaded CA and Intermediate certificates ?

Adding ++

In WM IS console Security --> Key store

In Keystore list Alias:-
Alias Name : A
File Name xyz.jks uploaded in /cert dir in AIX OS system where WM is installed

  1. Keystore properties Type JKS Provider IBMJCE
    Configured Key Alias abc_2104(only 1)

In Trust store list Alias:-

Alias B
Type JKS Provider IBMJCE
File Name abc.jks uploaded in /cert dir(same dir structure as Alias A) in AIX OS
certificate alias : Here i can see so many alias etc 10-12 alias is present

Questions : How to edit JKS or configure abc.jks via keytool if any new certificate or ca has to load ?
what will happen to existing abc.jks file?

Alias C
Type JKS Provider IBMJCE
File Name 123.jks uploaded in /cacert dir in AIX OS
certificate alias : Here i can see so many alias etc 30-35 alias is present

Questions : Do i need to load new CA cert here as well ?

Hi Forum Members,

can anyone please provide suggestion on requested information?

PFA doc which will be helpful to you.

Thanks,

keystore_trustedstore.docx (319 KB)

PFA doc which will be helpful to you.

Thanks,

keystore_trustedstore.docx (319 KB)

Hi MR,

Thanks for document,I run through and found that all configuration is exit.

We use to place certificate dot cer and JKS file in our Trust store dir /cert and cert as well.

So,

  1. My question is how to generate/edit this JKS trust store format via key tool and what is cmd for same?
  2. In my previously thread i have mention details there are existing truststore.jks file which has binding with several certificate alias so IF i want to EDIT JKS file how to do that via keytool
  3. When we generate/edit JKS trust store file how to bind that with existing certificate alias so that there is no impact, as u can see existing JKS file is binding with other certificate alias.
  4. Even we are placing .CER file in same directory

How to do that and what will happen to existing one JKS file in trust store?

Waiting for your response.

Rajiv, I did it long time ago so could not able to re-call. You can run through below links with which you can get what you want.

http://webmethodsexpert.com/2014/11/24/creating-security-certificate-tutorial/

https://techcommunity.softwareag.com/pwiki/-/wiki/Main/Creating+and+Managing+Certificates+for+My+webMethods+Server

Please fell free for any open questions.

Thanks,

Thanks for reply

This thread help but i feel i didn’t put much efforts to google this knowledge base instead of that i solely depend on this sag forum any way thanks for knowledge sharing.