
Truststores have a number of roles within the Broker.

  • A truststore is required by a Port in order to support SSL client authentication.

  • Truststores have an optional role in end-to-end message encryption. The Broker acts as a Key Server so that publishing applications have convenient access to recipients' public keys.

  • Some authentication providers also use a truststore when connecting to authentication systems that are protected by a private issuer SSL certificate.

The following truststore types are supported.

  • File Trust Store. This type accepts the standard JKS truststore format understood by Java and Java tools such as keytool.

  • Non Java Trust Store. A Non Java Trust Store accepts key material in PEM and DER file formats. Either a path to the certificate on the server can be specified using the file:// protocol, or the certificate can be uploaded with the data:// protocol.

  • Managed Certificate Store. This type accepts key material in PEM and DER file formats. Unlike the Non Java Trust Store, this store allows the user to add multiple certificates and stores them in the broker configuration.

  • Site Specific Trust Store. This type will download a certificate from the provided SSL/TLS enabled URL. Note that you must specify both the protocol and the port. Example: https://example.com:443
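
A pre-flight check for the inputs described above, as an added example that is not part of the Broker or its documentation: it tells PEM from DER key material by structure rather than file extension, and flags a Site Specific Trust Store URL that omits the protocol or the port. The function names and the sample bytes are assumptions made for illustration; the check inspects only the outer DER framing and does not validate the certificate itself.

```python
import base64
import binascii
import re

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# scheme://host[:port][/path]; host may be a bracketed IPv6 literal
SITE_URL = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://(?:\[[^\]]+\]|[^/:\s]+)(?::(\d+))?(?:/.*)?$")


def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (the outer shape of an X.509 certificate)."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                      # short-form length
        header, length = 2, data[1]
    else:                                   # long form: next n bytes hold the length
        n = data[1] & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)     # rejects truncated or padded input


def classify_key_material(data: bytes) -> str:
    """Return 'PEM', 'DER' or 'unknown' for bytes intended for a trust store."""
    blocks = PEM_CERT.findall(data)
    if blocks:
        try:
            decoded = [base64.b64decode(b"".join(b.split()), validate=True) for b in blocks]
        except binascii.Error:
            return "unknown"
        return "PEM" if all(is_der_sequence(d) for d in decoded) else "unknown"
    return "DER" if is_der_sequence(data) else "unknown"


def site_url_problems(url: str) -> list:
    """List the reasons a Site Specific Trust Store URL is incomplete (empty list = OK)."""
    m = SITE_URL.match(url)
    if not m:
        return ["missing protocol (expected e.g. https://example.com:443)"]
    if m.group(1) is None:
        return ["missing explicit port"]
    return [] if 0 < int(m.group(1)) < 65536 else ["port out of range"]


# Constructed sample: a minimal DER SEQUENCE standing in for a certificate body.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")
```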

Revocation attributes.

The following attributes apply to File Trust Stores only.

The following attributes apply to Non Java Trust Stores only.