Create a keystore for the client and export the public
key as a client certificate that SOAP Gateway can
use to verify that the client is trusted.
Client authentication requires server authentication. You
must have completed the following steps first:
To create a Java keystore
on the client and export the public key:
- Create a keystore by using a Key management tool such as
Ikeyman or Keytool. In a command console, enter the following command:
keytool -genkey -alias client.keystore -dname
"CN=SOAP Gateway Client Keystore OU=IBM SWG, O=IBM, C=US"
-keyalg RSA -keypass password -storepass password
-keystore "/path/to/cient.keystore.ks"
- Export the public key from the client keystore (client.keystore.ks)
as a certificate.
keytool -export -alias client.keystore -storepass password
-file "/path/to/client.keystore.cer"
-keystore "/path/to/client.keystore.ks"
Tip: You can have the certificate signed by a Certificate Authority
(CA), such as VeriSign, or create your own CA by using software such
as OpenSSL to sign your own (self-signed) certificate.