Create SSL keystore file (DCAS only)

To communicate with a DCAS server, an SSL connection must be established using client authentication. This requires you to specify a keystore file. The supported keystore file types are PKCS12, JKS, or JCEKS (PKCS12 is not supported on Solaris). To create a keystore file to specify in the CMPI_DCAS_TRUSTSTORE parameter, use the Java keytool. This keystore file must contain the ZIETrans DCAS client's certificate and the DCAS server's certificate (public key) information.
Note:
  1. If you set the CMPI_DCAS_USE_DEFAULT_TRUSTSTORE parameter to true, the JSSE default keystore file is used instead of the keystore file specified by the CMPI_DCAS_TRUSTSTORE parameter. In that case, the JSSE default keystore file must contain the ZIETrans DCAS client's certificate and the DCAS server's certificate (public key) information.
  2. The ZIETrans DCAS client's certificate must also be added/imported to the DCAS server's keystore file for SSL client authentication.
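A keytool sequence that produces a keystore with the contents described above (added example, not taken from the ZIETrans documentation). The aliases, the distinguished name, the self-signed client certificate and the KS_PASS environment variable are assumptions, and the DCAS server certificate is assumed to be supplied as a PEM or DER file.

```shell
#!/bin/sh
# Added example, not product code. Aliases, DN and file names other than
# ZIETransWelkeys.p12 are assumptions. Export KS_PASS before calling anything.
KS="${KS:-ZIETransWelkeys.p12}"     # file to name in CMPI_DCAS_TRUSTSTORE
KS_TYPE="${KS_TYPE:-PKCS12}"        # use JCEKS or JKS on Solaris
CLIENT_ALIAS="zietrans-dcas-client" # hypothetical alias
SERVER_ALIAS="dcas-server"          # hypothetical alias

# Run one keytool command against $KS; the password is read from the
# KS_PASS environment variable so it never appears in the process list.
kt() {
  cmd=$1; shift
  keytool "$cmd" -keystore "$KS" -storetype "$KS_TYPE" -storepass:env KS_PASS "$@"
}

# Create the keystore with the client's key pair and a self-signed certificate.
create_client_key() {
  kt -genkeypair -alias "$CLIENT_ALIAS" -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=ZIETrans DCAS client,O=Example" -keypass:env KS_PASS
}

# Print the fingerprints of a certificate file so they can be compared with
# the value obtained from the DCAS administrator before the file is trusted.
show_fingerprint() { keytool -printcert -file "$1"; }

# Add the DCAS server's certificate (public key) as a trusted entry.
import_server_cert() { kt -importcert -noprompt -alias "$SERVER_ALIAS" -file "$1"; }

# Write the client's certificate (no private key) to a PEM file; this is the
# file to import into the DCAS server's keystore for client authentication.
export_client_cert() { kt -exportcert -rfc -alias "$CLIENT_ALIAS" -file "$1"; }

# Succeed only if both required entries are present with the expected types.
verify_keystore() {
  listing=$(kt -list) || return 1
  printf '%s\n' "$listing" | grep -i "^$CLIENT_ALIAS," | grep -q PrivateKeyEntry || return 1
  printf '%s\n' "$listing" | grep -i "^$SERVER_ALIAS," | grep -q trustedCertEntry
}

# Typical order:
#   create_client_key
#   show_fingerprint dcas-server.pem   # compare out of band, then:
#   import_server_cert dcas-server.pem
#   export_client_cert zietrans-client.pem
#   verify_keystore
```

Because `-noprompt` skips keytool's interactive trust question, the fingerprint comparison in `show_fingerprint` is the only check on the server certificate before it becomes trusted.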
If you already have an older certificate, you can import it. Personal server certificates that were created with an old system cannot be exported from the old system and imported into the new one. There is, however, a way to do this:
  1. Import the existing .kdb file into a new keystore file (PKCS12, JKS, or JCEKS).
  2. Export the certificate (for example, the DCAS personal server certificate) to a .p12 format certificate.
  3. Import the certificate (.p12 format) into a new keystore file (PKCS12, JKS, or JCEKS).
Figure 1. ZIETrans Certificate Management
To create a new keystore file named ZIETransWelkeys.p12 that will be specified in the CMPI_DCAS_TRUSTSTORE parameter, take the following steps:
Note: If the target platform for your ZIETrans application is Solaris, use a Key database type of either JCEKS or JKS instead of PKCS12 below.