About Generating Keystore and Truststore Files

The Server Keystore, Client Keystore and truststore files are JKS files containing certificates. These files are necessary for the application container to be able to use secure two-way communications when connecting with other Siebel modules, as occurs during Siebel Management Console configuration and in normal operation.

Note: Siebel supports only the JKS store type. When you create a JKS file with keytool, pass the store type explicitly using the option "-storetype JKS".

Important points about generating the Server Keystore, Client Keystore and truststore files:

  • The Server Keystore and Client Keystore files must contain the server certificate chain and an imported CA certificate.

  • Generate your files so that the keystore file references both the private key and the public key, while the truststore file references the public key only.

  • Generate your certificates using the Java Runtime Environment (JRE) provided with your release.

  • Specify the password that was previously configured to open the certificate files.

  • Use the fully qualified domain names rather than IP addresses.

    Note: If you use an IP address instead of the FQDN, then certificates must be created with both the FQDN and the IP address as two separate SAN entries, and in such cases the Siebel Server fails. As a result, it is recommended that you use the FQDN rather than the IP address.

If you do not configure the Server Keystore, Client Keystore and truststore files correctly, then you will not be able to configure the Siebel Business Applications, as described in Configuring Security Adapters Using the Siebel Management Console, Authentication Related Configuration Parameters and Siebel Installation Guide.
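
The points above as a keytool sequence, added here as an example and not taken from the Siebel documentation: it builds one keystore (the Client Keystore follows the same steps) and a truststore. The aliases, file names, FQDN argument and the throwaway signing CA are assumptions; STOREPASS must be exported and hold the password already configured for the certificate files.

```shell
#!/bin/sh
# Added example. Constructed values: aliases "ca" and "siebel", the file names,
# and a throwaway CA standing in for your real CA. Run it with the keytool from
# the JRE provided with your release.

# Every call passes -storetype JKS explicitly and reads the password from the
# environment (keytool's :env modifier) so it does not appear in the process list.
kt() { keytool "$@" -storetype JKS -storepass:env STOREPASS; }

make_stores() {  # usage: make_stores <output-dir> <server-fqdn>
  dir=$1 fqdn=$2
  : "${STOREPASS:?export STOREPASS first}"
  # Throwaway CA (assumption: in production your own CA signs the CSR instead).
  kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=Constructed Test CA" -ext bc:c=ca:true \
     -keypass:env STOREPASS -keystore "$dir/ca.jks"
  kt -exportcert -alias ca -rfc -file "$dir/ca.pem" -keystore "$dir/ca.jks"
  # Server key pair and CSR; the subject is the FQDN, not an IP address.
  kt -genkeypair -alias siebel -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=$fqdn" -keypass:env STOREPASS -keystore "$dir/keystore.jks"
  kt -certreq -alias siebel -file "$dir/siebel.csr" -keystore "$dir/keystore.jks"
  # The CA signs the CSR with a single DNS SAN entry for the FQDN.
  kt -gencert -alias ca -infile "$dir/siebel.csr" -outfile "$dir/siebel.pem" \
     -rfc -validity 365 -ext "SAN=dns:$fqdn" -keystore "$dir/ca.jks"
  # Keystore: import the CA certificate first, then the signed reply, which
  # attaches the server certificate chain to the private key.
  kt -importcert -noprompt -alias ca -file "$dir/ca.pem" -keystore "$dir/keystore.jks"
  kt -importcert -noprompt -alias siebel -file "$dir/siebel.pem" -keystore "$dir/keystore.jks"
  # Truststore: public certificate only, no private key.
  kt -importcert -noprompt -alias ca -file "$dir/ca.pem" -keystore "$dir/truststore.jks"
}

# Count entries of one type, to confirm the private key stayed out of the truststore.
count_entries() {  # usage: count_entries <store> <PrivateKeyEntry|trustedCertEntry>
  kt -list -keystore "$1" 2>/dev/null | grep -c "$2" || true
}
```

After `make_stores /path/to/dir host.example.com`, `count_entries` should report one PrivateKeyEntry and one trustedCertEntry in keystore.jks, and no PrivateKeyEntry in truststore.jks.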