IBM WebSphere - Getting Started with Key Sets


A key set group is a collection of one or more key sets. A key set is a collection of one or more keystores. A keystore is a file that contains one or more public certificates and the corresponding private keys (key pairs).

Key sets can be viewed by navigating to Security > SSL certificate and key management > Key sets. WebSphere uses Lightweight Third Party Authentication (LTPA) by default, and LTPA uses two key sets (CellLTPAKeyPair and CellLTPASecret), so there should always be two LTPA key sets on the system.

 

Selecting CellLTPAKeyPair > Key stores and certificates will show you that the ltpa.jceks file is the keystore that contains the public certificates and private keys.

 

The contents of ltpa.jceks can be viewed on the command line. You must use the Java keytool command that ships with WebSphere, because it contains the com.ibm.ws.security.ltpa.LTPAKeyPairGenerator class, which is needed to view the contents of the ltpa.jceks keystore. Passing the password with -storepass leaves it in shell history and the process list; if the option is omitted, keytool prompts for the password instead.

${WAS_INSTALL_ROOT}/java/your_version/bin/keytool -list -keystore ${CONFIG_ROOT}/cells/DmgrCell01/ltpa.jceks -storetype jceks -storepass WebAS

 

The output shows that the ltpa.jceks keystore contains 3 entries: the LTPA secret key, the private key, and the public certificate.

Alias name: ltpasecret_1
Creation date: June 10, 2018
Entry type: SecretKeyEntry

*********************************************
*********************************************

Alias name: ltpakeypair_1_private
Creation date: June 10, 2018
Entry type: SecretKeyEntry

*********************************************
*********************************************

Alias name: ltpakeypair_1_public
Creation date: June 10, 2018
Entry type: SecretKeyEntry

 

By default, the Active key history page will have a single listing, LTPAKeyPair_1. This listing correlates to ltpakeypair_1_public and ltpakeypair_1_private in the ltpa.jceks keystore. Do not delete this listing, as this would remove ltpakeypair_1_public and ltpakeypair_1_private from the ltpa.jceks keystore, which would cause issues with LTPA.
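
As an added example (not part of the original article), the shell functions below read a keytool listing like the one shown above and confirm that ltpasecret_1, ltpakeypair_1_private and ltpakeypair_1_public are still present, which is a quick check after any change on the Active key history page. The function names and the sample listing are constructed for illustration; the alias names and entry type are taken from the output above.

```shell
# Added example, not from the article: verify the LTPA entries in ltpa.jceks.

# Alias names and entry type are copied from the article's keytool output.
EXPECTED_ALIASES="ltpasecret_1 ltpakeypair_1_private ltpakeypair_1_public"
EXPECTED_TYPE="SecretKeyEntry"

# parse_entries: read a keytool listing on stdin, print "alias|entry type" per entry.
parse_entries() {
    awk '
        { sub(/[ \t\r]+$/, "") }    # drop trailing blanks and carriage returns
        /^Alias name: / { alias = substr($0, 13); next }
        /^Entry type: / { if (alias != "") print alias "|" substr($0, 13); alias = "" }
    '
}

# check_ltpa_entries: read a keytool listing on stdin and report each expected
# alias that is missing or has a different entry type. Returns 0 only if all match.
check_ltpa_entries() {
    entries=$(parse_entries)
    rc=0
    for a in $EXPECTED_ALIASES; do
        found=$(printf '%s\n' "$entries" | awk -F'|' -v a="$a" '$1 == a { print $2; exit }')
        if [ -z "$found" ]; then
            echo "MISSING: $a"; rc=1
        elif [ "$found" != "$EXPECTED_TYPE" ]; then
            echo "UNEXPECTED TYPE: $a is $found"; rc=1
        fi
    done
    return $rc
}

# sample_listing: constructed sample input, modelled on the article's output.
sample_listing() {
    cat <<'EOF'
Alias name: ltpasecret_1
Creation date: June 10, 2018
Entry type: SecretKeyEntry
Alias name: ltpakeypair_1_private
Creation date: June 10, 2018
Entry type: SecretKeyEntry
Alias name: ltpakeypair_1_public
Creation date: June 10, 2018
Entry type: SecretKeyEntry
EOF
}

# Stand-alone run against the constructed sample.
sample_listing | check_ltpa_entries && echo "OK: all three LTPA entries present"
```

To check a real keystore, pipe the keytool -list command shown earlier into check_ltpa_entries instead of sample_listing.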

 



