After you have a keystore, configure a key manager provider to access it. The server is preconfigured with key manager providers, named JKS and PKCS12, that can be used with JKS or PKCS #12 keystores, respectively. As the following example shows, you can update the appropriate key manager provider in most cases to reference the keystore that you plan to use:

dsconfig set-key-manager-provider-prop \
     --provider-name JKS \
     --set enabled:true \
     --set key-store-file:config/keystore \
     --set key-store-pin-file:config/

A similar change configures a trust manager provider to reference the appropriate truststore, as the following example shows:

dsconfig set-trust-manager-provider-prop \
     --provider-name JKS \
     --set enabled:true \
     --set include-jvm-default-issuers:true \
     --set trust-store-file:config/truststore
     --set trust-store-pin-file:config/
Note: If all clients and servers are expected to use certificates that are signed by issuers and are included in the JVM's default truststore, you can use the JVM-Default trust manager provider to accomplish this task.