A keystore contains your own private keys and certificates. In other words, these are the keys and certificates that you own, which will be used to encrypt the traffic to your WebSphere admin console and the apps running on WebSphere. A truststore contains certificates. In other words, this is a store of external or remote certificates that you trust, and these almost always should be certificates from a trusted certificate authority (CA).
- In the left panel of the WebSphere web console, expand Security and select SSL certificate and key management.
- Select SSL configurations.
- Select key stores and certificates.
- Select a keystore.
- Select Personal certificates.
In this example, there are two entries. The first is the default certificate, and the second is the certificate chain. Probably the most important information displayed is the expiration date of the keys and certificates in the keystore. The keytool command can be used to view the keys and certificates in the keystore.
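Because the expiration date is the detail to watch, the following added example (not part of the original page) filters `keytool -list -v` output for certificates that are expired or about to expire. The function names, keystore path, password variable and sample data are assumptions, and it expects the English-locale date form that OpenJDK's keytool prints.

```shell
#!/bin/sh
# Typical use (keystore path and password variable are placeholders; omit
# -storepass to be prompted instead of exposing the password in the process list):
#   keytool -list -v -keystore /path/to/keystore.p12 -storetype PKCS12 \
#       -storepass "$STOREPASS" | expiring_aliases 30

# expiring_aliases DAYS [NOW_EPOCH]  (hypothetical helper, not a keytool feature)
# Reads `keytool -list -v` text on stdin and prints "alias<TAB>expiry" for each
# certificate, chain certificates included, that is already expired or expires
# within DAYS days. The time zone name in the date is ignored, so the cut-off
# is accurate to within a day.
expiring_aliases() {
    awk -v days="$1" -v now="${2:-$(date +%s)}" '
    function epoch(y, m, d, t,    a, yy, mo, jdn, hms) {
        # Gregorian date -> Julian day number -> seconds since 1970-01-01
        a = int((14 - m) / 12); yy = y + 4800 - a; mo = m + 12 * a - 3
        jdn = d + int((153 * mo + 2) / 5) + 365 * yy
        jdn += int(yy / 4) - int(yy / 100) + int(yy / 400) - 32045
        split(t, hms, ":")
        return (jdn - 2440588) * 86400 + hms[1] * 3600 + hms[2] * 60 + hms[3]
    }
    /^Alias name: / { alias = substr($0, 13) }
    /until: / {
        sub(/.*until: /, "")   # keep only the expiry date
        # fields are now: weekday month day time zone year
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $2) + 2) / 3
        if (epoch($NF, m, $3, $4) <= now + days * 86400)
            print alias "\t" $0
    }'
}

# Constructed sample of `keytool -list -v` output (abridged) for an offline run.
sample_keytool_output() {
    cat <<'EOF'
Alias name: default
Certificate[1]:
Valid from: Mon Jan 15 00:00:00 UTC 2024 until: Wed Jan 15 00:00:00 UTC 2025
Certificate[2]:
Valid from: Thu Jan 01 00:00:00 UTC 2015 until: Mon Jan 01 00:00:00 UTC 2035
Alias name: appcert
Valid from: Sat Jun 01 00:00:00 UTC 2024 until: Sun Jun 01 00:00:00 UTC 2025
Alias name: oldcert
Valid from: Fri Dec 01 00:00:00 UTC 2023 until: Sun Dec 01 00:00:00 UTC 2024
EOF
}

# Demo with "now" fixed at 2025-01-01 00:00:00 UTC (epoch 1735689600).
sample_keytool_output | expiring_aliases 30 1735689600
```

Run it from cron or a monitoring job with a threshold that leaves enough time to renew and redeploy the certificate.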
The certificate is used to encrypt the traffic between the client and the server. For example, when connecting to the WebSphere admin console, HTTPS can be used to encrypt the connection. Note that the web browser will complain that the site is not secure. This is the expected behavior when using the default IBM certificate that is used when WebSphere is installed, because the certificate is not in the trusted root certificate authorities store.
Likewise, if you have apps that are using the default IBM certificate, the browser will complain that the site is not secure. The default certificate is perfectly OK in your development environment, but should never be used in a production environment. You can purchase a certificate from a trusted certificate authority (CA), such as www.verisign.com, and then the browser will no longer complain that the site is not secure.