The PKCS #12 trust manager provider is primarily useful if you already have the peer or issuer certificates to be used in a PKCS #12 file. If you do not have the certificates in this format, use the JKS trust manager provider instead. The Java keytool utility does not currently support importing trusted certificates (that is, those with just a public key and no private key information) into a PKCS #12 file.
The directory server provides a template PKCS #12 trust manager provider. Use dsconfig to configure the following properties of the PKCS #12 trust manager provider:
enabled. Indicates whether the PKCS #12 trust manager provider is enabled. The trust manager provider is not available for use by other server components unless this property has a value of true.
trust-store-type. Specifies the format of the trust store. For the PKCS #12 trust manager provider, the value is PKCS12.
trust-store-file. Specifies the path to the trust store file, which is typically config/truststore.p12, although an alternate file can be used if needed. The value of this property can be either an absolute path or a path that is relative to the install-dir.
A PIN might be required to access the contents of the PKCS #12 file. In this case, one of the following configuration attributes must be used to provide the password. (At the present time, the password must be provided in clear text.)
trust-store-pin. Specifies the PIN needed to access the trust store directly.
trust-store-pin-file. Specifies the path to a file containing the PIN needed to access the trust store. The value of this property can be either an absolute path or a path that is relative to the server root.
trust-store-pin-property. Specifies the name of a Java property that holds the PIN needed to access the trust store.
trust-store-pin-environment-variable. Specifies the name of an environment variable that holds the PIN needed to access the trust store.
$ dsconfig -D "cn=directory manager" -w password \ set-trust-manager-provider-prop \ --provider-name "PKCS12" --advanced