Page created: 4 Feb 2020 | Page updated: 22 Jul 2020
After you have a keystore, configure a key manager provider to access it. The server is preconfigured with key manager providers, named JKS and PKCS12, that can be used with JKS or PKCS #12 keystores, respectively. As the following example shows, you can update the appropriate key manager provider in most cases to reference the keystore that you plan to use:
dsconfig set-key-manager-provider-prop \
  --provider-name JKS \
  --set enabled:true \
  --set key-store-file:config/keystore \
  --set key-store-pin-file:config/keystore.pin
A similar change configures a trust manager provider to reference the appropriate truststore, as the following example shows:
dsconfig set-trust-manager-provider-prop \
  --provider-name JKS \
  --set enabled:true \
  --set include-jvm-default-issuers:true \
  --set trust-store-file:config/truststore \
  --set trust-store-pin-file:config/truststore.pin
Note: If all clients and servers are expected to use certificates that are signed by issuers included in the JVM's default truststore, you can use the JVM-Default trust manager provider instead.
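The following pre-flight check is an added example, not part of the original documentation or the product's tooling. It verifies that the file named in key-store-pin-file or trust-store-pin-file is non-empty and grants no access beyond its owner, and that the store opens with that PIN using the JDK's keytool; the function names are hypothetical, and it assumes the PIN file holds the cleartext PIN.

```shell
#!/bin/sh
# Added example: checks to run before pointing a key or trust manager
# provider at a store. Function names are hypothetical.

# Return 0 only if the PIN file exists, is non-empty, and grants no
# permissions to group or other.
pin_file_ok() {
    pin=$1
    [ -f "$pin" ] || { echo "missing PIN file: $pin" >&2; return 1; }
    [ -s "$pin" ] || { echo "empty PIN file: $pin" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    bits=$(ls -ld "$pin" | cut -c5-10)
    [ "$bits" = "------" ] || {
        echo "PIN file accessible beyond owner ($bits): $pin" >&2
        return 1
    }
}

# Return 0 if the store opens with the PIN from the file, 1 if the store
# is missing or the PIN is rejected, 2 if keytool is not installed.
store_opens() {
    store=$1
    pin=$2
    stype=${3:-JKS}
    [ -f "$store" ] || { echo "missing store: $store" >&2; return 1; }
    command -v keytool >/dev/null 2>&1 || {
        echo "keytool not found; store not verified" >&2
        return 2
    }
    # -storepass:file makes keytool read the password from the PIN file,
    # so the PIN never appears on the command line.
    keytool -list -keystore "$store" -storetype "$stype" \
        -storepass:file "$pin" >/dev/null 2>&1
}

# Run both checks: preflight <store> <pin-file> [JKS|PKCS12]
preflight() {
    pin_file_ok "$2" || return 1
    store_opens "$1" "$2" "${3:-JKS}"
}

# Example: sh preflight.sh config/keystore config/keystore.pin JKS
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

Run it against both the keystore and truststore pairs before applying the dsconfig changes; a nonzero exit identifies which check failed on stderr.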