Adding Service Key Providers

  1. If you have not already done so, click Create to create a new session or click Edit to enter an existing session. See Using the Change Center.
  2. Select Project Explorer, then select a project or folder in which to add the service key provider. The Project/Folder View page is displayed.
  3. From the Create Resource drop-down list, select Service Key Provider to display the Create a New Service Key Provider page.
  4. In the Service Key Provider Name field, enter a unique name for this service key provider.
  5. In the Description field, enter a description for the service key provider.
  6. Do any of the following steps, shown in Table 15-2.
     Table 15-2 Authentication Options

     To Add a Key-Pair for... / Complete These Steps...

     Digital encryption
       1. Next to Encryption Key, click Browse.
       2. The Select an alias for Encryption Key window displays the key aliases from the key store that your realm's PKI credential mapper is using.
       3. In the Select an alias for Encryption Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)
       4. Select a key alias that maps to an X.509 certificate and that supports encryption.
       5. Click Submit.
       When you associate this service key provider with a proxy service, ALSB embeds the X.509 certificate into the proxy service's WSDL. The proxy service then uses this certificate to encrypt the messages that it sends to its endpoint. The proxy service uses the private key in the PKI credential to decrypt the messages that the endpoint returns.

     Digital signatures
       1. Next to Digital Signature Key, click Browse.
       2. The Select an alias for Digital Signature Key window displays the key aliases from the key store that your realm's PKI credential mapper is using.
       3. In the Select an alias for Digital Signature Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)
       4. Select a key alias.
       5. Click Submit.

     SSL client authentication (two-way SSL)
       1. Next to SSL Client Authentication Key, click Browse.
       2. The Select an alias for SSL Client Authentication Key window displays the key aliases from the key store that your realm's PKI credential mapper is using.
       3. In the Select an alias for SSL Client Authentication Key window, enter the password that you use to secure access to the key store. (You set the password when you create the keystore.)
       4. Select a key alias.
       5. Click Submit.

  7. Click Save. The service key provider is saved in the current session.
  8. To end the session and deploy the configuration to the run time, click Activate under Change Center.
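
Before browsing for aliases, it helps to know which entries in the key store are actual key pairs and what their certificates permit. The following is an added example, not part of the product documentation: a shell helper that reads `keytool -list -v` output and reports, per alias, whether the leaf certificate allows encryption or signing. It assumes the key store is a Java keystore and that "supports encryption" corresponds to the KeyUsage values Key_Encipherment or Data_Encipherment; the function names and the sample input are constructed for illustration.

```shell
# Added example. Assumption: encryption-capable = KeyUsage has Key_/Data_Encipherment.
classify_aliases() {   # stdin: output of "keytool -list -v"
  awk '
    function emit() {
      if (alias == "") return
      if (type != "PrivateKeyEntry") use = "no-private-key"
      else if (!seen) use = "unrestricted"      # no KeyUsage extension present
      else {
        use = enc ? "encryption" : ""
        if (sig) use = use (use != "" ? "," : "") "signature"
        if (use == "") use = "other"
      }
      printf "%s\t%s\n", alias, use
    }
    /^Alias name: /           { emit(); alias = substr($0, 13); type = ""; idx = 1
                                seen = enc = sig = inku = 0; next }
    /^Entry type: /           { type = $3; next }
    /^Certificate\[[0-9]+\]:/ { idx = substr($0, 13) + 0; next }   # chain position
    /^KeyUsage \[/            { inku = 1; if (idx == 1) seen = 1; next }
    inku && /^\]/             { inku = 0; next }
    inku && idx == 1 { if ($1 ~ /_Encipherment$/) enc = 1; if ($1 == "DigitalSignature") sig = 1 }
    END { emit() }
  '
}
sample_keytool_output() {   # constructed, abridged sample input
  cat <<'EOF'
Alias name: enc-key
Entry type: PrivateKeyEntry
Certificate[1]:
KeyUsage [
  Key_Encipherment
]
Alias name: sign-key
Entry type: PrivateKeyEntry
Certificate[1]:
KeyUsage [
  DigitalSignature
]
Certificate[2]:
KeyUsage [
  Key_CertSign
]
Alias name: legacy-key
Entry type: PrivateKeyEntry
Alias name: partner-ca
Entry type: trustedCertEntry
EOF
}
sample_keytool_output | classify_aliases
```

Against a real key store, pipe `keytool -list -v -keystore <keystore>` into `classify_aliases`; only the first certificate of each chain is evaluated, so CA certificates further up the chain do not affect the result.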