Creating the server truststore for SOAP Gateway
Create a truststore for SOAP Gateway to store the HTTPS client certificates, or the SSL server certificate (from IMS Connect).
If the truststore is used to store the server certificate
from IMS Connect, the Java™ keystore must have a valid
X.509 certificate from IMS Connect
for authentication.
To provide a Java keystore on the client:
Create a truststore:
keytool -genkey -alias server.truststore -dname
"CN=SOAP Gateway Keystore OU=IBM SWG, O=IBM, C=US"
-keyalg RSA -keypass password -storepass password
-keystore "/path/to/server.truststore.ks"
For NIST SP800-131a, specify SHA256withRSA
for the signature algorithm and 2048 for the key size.
keytool -genkey -alias server.truststore -dname
"CN=SOAP Gateway Keystore OU=IBM SWG, O=IBM, C=US"
-keyalg RSA -sigalg SHA256withRSA -keysize 2048
-keypass password -storepass password
-keystore "/path/to/server.truststore.ks"
- If client authentication is required for HTTPS connections to SOAP Gateway, transfer and import the HTTPS client certificate into the SOAP Gateway truststore
- If server authentication is required for SSL connections with IMS Connect, export the IMS Connect certificate and import the IMS Connect server certificate to the SOAP Gateway truststore