Page created: 26 Jul 2021 |
Page updated: 14 Jan 2022
After you have a key store, configure a key manager provider to access it.
The server is preconfigured with key manager providers,
PKCS12, that you can use with JKS or PKCS #12 key stores,
respectively. You can update the appropriate key manager provider in most cases to
reference the key store that you plan to use. The following code provides an
dsconfig set-key-manager-provider-prop \ --provider-name JKS \ --set enabled:true \ --set key-store-file:config/keystore \ --set key-store-pin-file:config/keystore.pin
A similar change configures a trust manager provider to reference the appropriate trust store. The following code provides an example.
dsconfig set-trust-manager-provider-prop \ --provider-name JKS \ --set enabled:true \ --set include-jvm-default-issuers:true \ --set trust-store-file:config/truststore --set trust-store-pin-file:config/truststore.pin
If all clients and servers use certificates that are signed by issuers and are included in the JVM's default trust store, you can use the JVM-Default trust manager provider to accomplish this task.