Support for a particular type of keystore in the Liberty profile can depend on what is supported by the underlying Java Runtime Environment (JRE). This document shows how to configure different keystore type in the Liberty profile.
For more information on configuration attributes of the keystore element, see Liberty profile: SSL configuration attributes.
JKS and JCEKS keystore are common between the IBM JRE and the Oracle JRE, and can be configured the same using either JRE. JKS is the default keystore type in the Liberty profile, so if no keystore type is specified in the configuration, JKS is used.
<keyStore id="sampleJKSKeyStore"
location="MyKeyStoreFile.jks"
type="JKS" password="myPassword" />
<keyStore id="sampleJCEKSKeyStore"
location="MyKeyStoreFile.jceks"
type="JCEKS" password="myPassword" />
<keyStore id="samplePKCS12KeyStore"
location="MyKeyStoreFile.p12"
type="PKCS12" password="myPassword" />
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.security.sasl.IBMSASL
security.provider.6=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.7=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.8=org.apache.harmony.security.provider.PolicyProvider
security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
security.provider.10=com.ibm.security.cmskeystore.CMSProvider
<keyStore id="sampleCMSKeyStore"
password="myPassword"
location="MyKeyStoreFile.kdb"
provider="IBMCMSProvider"
type="CMSKS"/>