Configuring key and trust manager providers
After you have a key store, you can configure a key manager provider to access it.
The server is preconfigured with key manager providers that can be used with Java KeyStore (JKS) or PKCS #12 key stores, named “JKS” and “PKCS12”, respectively. In most cases, the appropriate key manager provider can be updated to reference the key store that you will use.
dsconfig set-key-manager-provider-prop \
  --provider-name JKS \
  --set enabled:true \
  --set key-store-file:config/keystore \
  --set key-store-pin-file:config/keystore.pin
Use a similar change to configure a trust manager provider to reference the appropriate trust store.
dsconfig set-trust-manager-provider-prop \
  --provider-name JKS \
  --set enabled:true \
  --set include-jvm-default-issuers:true \
  --set trust-store-file:config/truststore \
  --set trust-store-pin-file:config/truststore.pin
Alternatively, if clients and servers are all expected to use certificates signed by issuers included in the JVM’s default trust store, you can simply use the “JVM-Default” trust manager provider.
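Before pointing a key or trust manager provider at a store, it helps to confirm that the store file exists, that its PIN file is not readable by group or other users, and that the PIN actually opens the store. The following script is an added example, not part of the product or its documentation; the function names are hypothetical, and it assumes the PIN file holds the store password as its first line and that the JDK keytool utility is on the PATH (the keytool step is skipped if it is not).

```shell
#!/bin/sh
# Added example: pre-flight check for the files referenced by
# key-store-file / key-store-pin-file (or the trust-store equivalents).
# Function names and messages are hypothetical, not part of the product.

# pin_file_private FILE: succeed only if FILE is a readable regular file
# with no group or other permission bits set.
pin_file_private() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# store_opens STORE PINFILE: succeed if keytool can list STORE using the
# password read from PINFILE (assumes the PIN is the file's first line).
store_opens() {
    keytool -list -keystore "$1" -storepass:file "$2" >/dev/null 2>&1
}

# check_store STORE PINFILE: run the checks in order and return
# 1 (store missing), 2 (PIN file missing or too open), 3 (PIN rejected).
check_store() {
    if [ ! -f "$1" ]; then
        echo "missing store: $1" >&2; return 1
    fi
    if ! pin_file_private "$2"; then
        echo "PIN file missing or accessible to group/other: $2" >&2; return 2
    fi
    if command -v keytool >/dev/null 2>&1 && ! store_opens "$1" "$2"; then
        echo "keytool cannot open $1 with the PIN in $2" >&2; return 3
    fi
    return 0
}

# Usage: sh preflight.sh config/keystore config/keystore.pin
[ "$#" -lt 2 ] || check_store "$1" "$2"
```

Run it once for the key store pair and once for the trust store pair before applying the dsconfig changes.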