Create a server keystore for SOAP Gateway and
export the public key as a server certificate that the SOAP Gateway client
can use to verify that the server is trusted.
To create a JKS keystore on the server and export the
public key:
- Create a keystore by using a key management tool such as
iKeyman or keytool. In a command console, enter the following command:
keytool -genkey -alias server.keystore -dname
"CN=mycompany.somewhere.com, OU=IBM SWG, O=IBM, C=US"
-keyalg RSA -keypass password -storepass password
-keystore "/path/to/server.keystore.ks"
The CN value must include the hostname.
The same hostname must be in the URL that the client uses to
request the service. For example, http://mycompany.somewhere.com:8088/imssoap/services/IMSPHBKService.
To comply with NIST SP800-131a, specify SHA256withRSA
for the signature algorithm and 2048 for the key size.
keytool -genkey -alias server.keystore -dname
"CN=mycompany.somewhere.com, OU=IBM SWG, O=IBM, C=US"
-keyalg RSA -sigalg SHA256withRSA -keysize 2048
-keypass password -storepass password
-keystore "/path/to/server.keystore.ks"
- Export the public key from the server keystore (server.keystore.ks
in the following example) as a certificate.
keytool -export -alias server.keystore -storepass password
-file "/path/to/server.keystore.cer"
-keystore "/path/to/server.keystore.ks"
Tip: You can have the certificate signed by a Certificate Authority
(CA), such as VeriSign, or create your own CA by using software such
as OpenSSL to sign your own (self-signed) certificate.
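
The following is an added example, not part of the original documentation: a Python check that reads the text printed by `keytool -printcert -file "/path/to/server.keystore.cer"` and confirms the three properties the steps above require (CN equal to the hostname in the service URL, SHA256withRSA signature, RSA key of at least 2048 bits). The sample outputs are constructed, and the field labels are assumed to match what recent JDK versions of keytool print.

```python
import re
from urllib.parse import urlsplit

# Constructed `keytool -printcert` style output; labels assumed to match recent JDKs.
GOOD = """\
Owner: CN=mycompany.somewhere.com, OU=IBM SWG, O=IBM, C=US
Issuer: CN=mycompany.somewhere.com, OU=IBM SWG, O=IBM, C=US
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
"""
# Constructed failure case: CN not comma-terminated, SHA-1 signature, 1024-bit key.
BAD = """\
Owner: CN=mycompany.somewhere.com OU=IBM SWG, O=IBM, C=US
Issuer: CN=mycompany.somewhere.com OU=IBM SWG, O=IBM, C=US
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
"""
SERVICE_URL = "http://mycompany.somewhere.com:8088/imssoap/services/IMSPHBKService"

def field(text, label):
    """Return the value of a 'Label: value' line, or '' if the label is absent."""
    m = re.search(rf"^{re.escape(label)}:[ \t]*(.*)$", text, re.MULTILINE)
    return m.group(1).strip() if m else ""

def common_name(dn):
    """Extract the CN value from a DN, splitting only on unescaped commas."""
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.strip().partition("=")
        if key.strip().upper() == "CN":
            return value.strip()
    return ""

def check_certificate(printcert_text, service_url):
    """Return a list of problems; an empty list means all three checks passed."""
    problems = []
    host = (urlsplit(service_url).hostname or "").lower()
    cn = common_name(field(printcert_text, "Owner"))
    if cn.lower() != host:
        problems.append(f"CN {cn!r} does not match URL host {host!r}")
    sigalg = field(printcert_text, "Signature algorithm name")
    if sigalg != "SHA256withRSA":
        problems.append(f"signature algorithm is {sigalg!r}, expected SHA256withRSA")
    key = re.match(r"(\d+)-bit RSA key", field(printcert_text, "Subject Public Key Algorithm"))
    if not key or int(key.group(1)) < 2048:
        problems.append("public key is not RSA with at least 2048 bits")
    return problems

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_certificate(text, SERVICE_URL) or "OK")
```

To check a real certificate, pass the captured output of the keytool command as `printcert_text` together with the URL that clients use.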