Page created: 4 Feb 2020 | Page updated: 22 Jul 2020
After you have a keystore, configure a key manager provider to access it. The server is preconfigured with key manager providers, named JKS and PKCS12, that can be used with JKS or PKCS #12 keystores, respectively. As the following example shows, you can update the appropriate key manager provider in most cases to reference the keystore that you plan to use:
dsconfig set-key-manager-provider-prop \
--provider-name JKS \
--set enabled:true \
--set key-store-file:config/keystore \
--set key-store-pin-file:config/keystore.pin
A similar change configures a trust manager provider to reference the appropriate truststore, as the following example shows:
dsconfig set-trust-manager-provider-prop \
--provider-name JKS \
--set enabled:true \
--set include-jvm-default-issuers:true \
--set trust-store-file:config/truststore \
--set trust-store-pin-file:config/truststore.pin
Note: If all clients and servers are expected to use certificates that are signed by issuers included in the JVM's default truststore, you can use the JVM-Default trust manager provider to accomplish this task.
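A pre-flight check for the store and PIN file pairs referenced by the two dsconfig commands above, added here as an example and not taken from the product documentation. The function names are hypothetical, the rule that a PIN file must be readable by its owner only is an assumption of this example, and the second function assumes the JDK's keytool is on the PATH.

```shell
#!/bin/sh
# Added example: validate a keystore/truststore and its PIN file before
# pointing a key or trust manager provider at them.
# Function names are hypothetical; the owner-only PIN file rule is an
# assumption of this example, not a documented server requirement.

# check_store_pair STORE PIN_FILE
# Returns 0 if usable, 1 if the store is missing or unreadable,
# 2 if the PIN file is missing or empty,
# 3 if the PIN file grants any access to group or others.
check_store_pair() {
    store=$1
    pin=$2
    [ -f "$store" ] && [ -r "$store" ] || {
        echo "missing or unreadable store: $store" >&2; return 1; }
    [ -s "$pin" ] || {
        echo "missing or empty PIN file: $pin" >&2; return 2; }
    # Any group/other permission bit on the PIN file counts as a failure.
    loose=$(find "$pin" \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$loose" ] || {
        echo "PIN file accessible beyond owner: $pin" >&2; return 3; }
    return 0
}

# verify_pin_opens_store STORE PIN_FILE
# Confirms that the PIN in PIN_FILE actually unlocks STORE. Uses keytool's
# -storepass:file modifier so the PIN never appears on the command line.
verify_pin_opens_store() {
    keytool -list -keystore "$1" -storepass:file "$2" >/dev/null 2>&1
}

# Usage with the paths from the commands above (run from the server root):
#   check_store_pair config/keystore   config/keystore.pin   && \
#   verify_pin_opens_store config/keystore config/keystore.pin
#   check_store_pair config/truststore config/truststore.pin && \
#   verify_pin_opens_store config/truststore config/truststore.pin
```
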