Export the certificate for the alias amserver using the following command:
keytool -list -keystore keystore_file -alias amserver -rfc
Store the exported X509 certificate, using the RFC format, in a file named server.txt.
Export the certificate from your custom keystore using the following command:
keytool -list -keystore custom_keystore_file -alias key alias -rfc
key alias is the alias of the private key used by the WSC to sign SOAP messages.
Store the exported X509 certificate, using the RFC format, in a file named client.txt.
Import the stored amserver certificate into the agent's custom keystore file using the following command:
keytool -import -keystore custom_keystore_file -alias custom_alias -file server.txt
Import the stored custom keystore's certificate into the Access Manager keystore file using the following command:
keytool -import -keystore custom_keystore_file -alias custom_alias -file client.txt
Generate a Discovery Service token for the WSC that will use the custom keystore with the following command:
keytool -import -keystore custom_keystore.jks -alias amserver -file server.txt
This allows the WSP which uses the custom keystore to trust the Access Manager Discovery Service.
Edit the following properties in the client's AMConfig.properties:
com.sun.identity.liberty.ws.wsc.certalias=alias_of_private_key_in_custom_client_keystore
This certificate is used by the Liberty X509/SAML profiles for signing the SOAP messages.
com.sun.identity.liberty.ws.trustedca.certaliases=alias_of_private_key_in_custom_server_keystore:AM_host_name
AMConfig.properties is located in javaee.home/domains/domain_name/config when the Java Platform, Enterprise Edition (Java EE) 5 SDK is installed and in javaee.home/addons/amserver when the Java EE 5 Tools Bundle is installed.