Creating a truststore when using SAML
Before you begin
About this task
When using a SAML connection, the Sametime server must be able to decode the SAML tokens. You need to know how many SAML partnerships or relying party trusts are required. For information on identifying the number, see Setting up SSO using SAML. If you are supporting more than one relying party trust, create one trust store that contains certificates for each one.
The SAML trust store file name must be samltruststore.p12.
Procedure
Run the following command.
keytool -importcert -storetype PKCS12 -keystore samltruststore.p12 -storepass truststore_password -alias alias_name -file file_to_trust.crt -noprompt
- truststore_password
- The desired password for your trust store. Save the password for later use.
- alias_name
- The value to display in the trust store. Each certificate must have a unique alias.
- file_to_trust.crt
- The full path to the certificate you are adding to the trust store.
Note: If you are using OpenJDK version 11 and later, add the -J-Dkeystore.pkcs12.legacy parameter to the command. For example:
keytool -importcert -storetype PKCS12 -keystore samltruststore.p12 -storepass truststore_password -alias alias_name -file file_to_trust.crt -noprompt -J-Dkeystore.pkcs12.legacy
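The following script is an added example, not part of the product documentation. It builds one samltruststore.p12 for several relying party trusts, checks that the aliases are unique, prints each certificate's SHA-256 fingerprint for comparison with the identity provider's published value (because -noprompt skips confirmation), and counts the resulting entries. The certificate file names, the script name build.sh, and the TRUSTSTORE_PASS environment variable (read through keytool's -storepass:env modifier so the password stays off the command line) are assumptions.

```shell
#!/bin/sh
# Added example (not from the product documentation). The certificate file
# names and the TRUSTSTORE_PASS environment variable are assumptions.
STORE="samltruststore.p12"   # file name required by the page
# Flag from the page's note for OpenJDK 11 and later; export KEYTOOL_EXTRA=""
# on older JDKs. (${VAR-default} applies the default only when VAR is unset.)
KEYTOOL_EXTRA="${KEYTOOL_EXTRA--J-Dkeystore.pkcs12.legacy}"

# Derive an alias from a certificate file name: lowercase, safe characters only.
alias_for() {
  base="$(basename "$1")"
  printf '%s' "${base%.*}" | tr '[:upper:]' '[:lower:]' | tr -c 'a-z0-9._-' '_'
}

# Import every certificate given as an argument under its own alias.
build_truststore() {
  [ -n "$TRUSTSTORE_PASS" ] || { echo "export TRUSTSTORE_PASS first" >&2; return 1; }
  seen=" "
  for crt in "$@"; do          # pass 1: reject alias collisions before writing
    name="$(alias_for "$crt")"
    case "$seen" in *" $name "*) echo "duplicate alias: $name" >&2; return 1 ;; esac
    seen="$seen$name "
  done
  for crt in "$@"; do          # pass 2: import
    # Print the fingerprint for comparison with the value the identity
    # provider published; -noprompt will not ask for confirmation.
    keytool -printcert -file "$crt" | grep 'SHA256:' || true
    keytool -importcert -storetype PKCS12 -keystore "$STORE" \
      -storepass:env TRUSTSTORE_PASS -alias "$(alias_for "$crt")" \
      -file "$crt" -noprompt $KEYTOOL_EXTRA || return 1
  done
}

# Count the trusted certificate entries in the finished store.
count_entries() {
  keytool -list -storetype PKCS12 -keystore "$STORE" \
    -storepass:env TRUSTSTORE_PASS | grep -c 'trustedCertEntry'
}

# Usage (hypothetical script name): TRUSTSTORE_PASS=... sh build.sh idp-a.crt idp-b.crt
if [ "$#" -gt 0 ]; then
  build_truststore "$@" && echo "entries: $(count_entries)"
fi
```

The entry count should equal the number of relying party trusts you identified for the deployment.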
What to do next
To complete the configuration, refer to one of the following topics.