Web Service Attributes Editor: Certificates

See Also 

In the WSIT tab's Certificates section, on the client side, you must configure a keystore and truststore file for some of the security mechanisms. You can download valid keystore and truststore files for the client and server from https://xwss.dev.java.net/.

You can set the following options:

• Keystore Location. The directory and file name containing the certificate key to be used to authenticate the client. If you are using the downloaded XWSS certificate, select client-keystore.jks from the location where you downloaded this file.
• Keystore Password. Specify a password for the keystore used by the client. When specified, this password is stored in a WSIT configuration file in clear text. Setting the keystore password in the development environment is fine, however, when you go into production, remember to use the container’s default CallbackHandler to obtain the keys from the keystore. This eliminates the need for the keystore passwords to be supplied by the users. You can also specify the passwords for keystores and truststores by specifying a CallbackHandler class that implements the javax.security.auth.callback. CallbackHandler interface in the Keystore Password, Truststore Pass word, or Key Password fields. If you are using the downloaded XWSS certificates, the password is changeit.
• Alias. Select the client certificate and private key in the keystore. If you are using the downloaded XWSS certificates, this is xws-security-client. Click the Load Aliases button to populate the Alias list with all of the certificates available in the selected keystore if the keystore location and password are correct.
• Key Password. If the client key has been password-protected, enter the password for this key. The XWSS certificate key has not been passworded.
• Truststore Location. The directory and file name of the client truststore containing the certificate of the server. If you are using the downloaded XWSS certificate, select client-truststore.jks from the location where you downloaded this file.
• Truststore Password. Specify a password for the truststore used by the client. When specified, this password is stored in a WSIT configuration file in clear text. Setting the truststore password in the development environment is fine, however, when you go into production, remember to use the container’s default CallbackHandler to obtain the keys from the keystore. This eliminates the need for the keystore passwords to be supplied by the users. You can also specify the passwords for keystores and truststores by specifying a CallbackHandler class that implements the javax.security.auth.callback.CallbackHandler interface in the Keystore Password, Truststore Password, or Key Password fields. If you are using the downloaded XWSS certificates, the password is changeit.
• Alias. Select the alias of the server certificate and private key in the client truststore. If you are using the downloaded XWSS certificates, the alias of the server is s1as.