Creating the server truststore for SOAP Gateway

Create a truststore for SOAP Gateway to store the HTTPS client certificates, or the SSL server certificate (from IMS Connect).

If the truststore is used to store the server certificate from IMS Connect, the Java™ keystore must have a valid X.509 certificate from IMS Connect for authentication.

To provide a Java keystore on the client:

Create a truststore:

keytool -genkey -alias server.truststore -dname 
"CN=SOAP Gateway Keystore OU=IBM SWG, O=IBM, C=US" 
-keyalg RSA -keypass password -storepass password 
-keystore "/path/to/server.truststore.ks"

For NIST SP800-131a, specify SHA256withRSA for the signature algorithm and 2048 for the key size.

keytool -genkey -alias server.truststore -dname 
"CN=SOAP Gateway Keystore OU=IBM SWG, O=IBM, C=US" 
-keyalg RSA -sigalg SHA256withRSA  -keysize 2048 
-keypass password -storepass password 
-keystore "/path/to/server.truststore.ks"

If client authentication is required for HTTPS connections to SOAP Gateway, transfer and import the HTTPS client certificate into the SOAP Gateway truststore
If server authentication is required for SSL connections with IMS Connect, export the IMS Connect certificate and import the IMS Connect server certificate to the SOAP Gateway truststore