Trust Store Management

Secure communication using SSL/TLS is essential for protecting sensitive data in modern applications. Trust stores are used to verify the authenticity of server certificates and to establish secure connections.

The ZIEWEB Client application supports multiple trust store sources, allowing secure communication across different platforms. The supported trust sources include:

  • Default JVM keystore (cacerts)

  • Custom JKS files

  • Windows certificate store

  • Well-known trusted Certificate Authorities (CAs)

  • SAF keyrings on IBM z/OS

Trust store configuration is flexible and is controlled through properties defined in the web.properties file. This approach keeps trust store management simple and consistent while ensuring secure connectivity.

The following parameters are used to configure the trust store for the Hex application. These settings are required to establish SSL/TLS trust when the application makes outbound HTTPS requests.

Key Parameters in web.properties

  • ENABLE_DEFAULT_CACERTS

    Enables the default JVM trust store (cacerts).

  • ENABLE_CUSTOM_JKS

    Enables the use of a custom JKS file from the HTTP server.

  • ENABLE_WINDOWS_BROWSER

    Enables the Windows certificate store.

  • ENABLE_SAF_KEYRING

    Enables the SAF keyring (IBM z/OS only).

  • ENABLE_WELLKNOWN_JKS

    Enables a well-known trusted JKS file.

  • SSLSAFKeyringID

    Specifies the keyring ID for the SAF trust store.

  • SSLSAFKeyringOwnerID

    Specifies the owner ID for the SAF keyring.

  • JRE_DEFAULT_KEYSTORE

    Specifies the password for the JVM default keystore (cacerts).

Based on the true/false values configured in the web.properties file, the corresponding trust store options are enabled or disabled. The SSL/TLS behavior is applied dynamically at runtime according to the configured settings.
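
A pre-deployment consistency check for the parameters listed above, as an added example that is not part of the product or its documentation. It assumes simple key=value lines without continuations, that an absent flag means disabled, and that a configuration with no trust source enabled is an error; the function names, the platform argument and the sample values are hypothetical.

```python
import re

# Flag and parameter names are the ones listed on this page.
FLAGS = ("ENABLE_DEFAULT_CACERTS", "ENABLE_CUSTOM_JKS", "ENABLE_WINDOWS_BROWSER",
         "ENABLE_SAF_KEYRING", "ENABLE_WELLKNOWN_JKS")
SAF_KEYS = ("SSLSAFKeyringID", "SSLSAFKeyringOwnerID")

def parse_properties(text):
    """Parse key=value / key:value lines; blank and '#'/'!' comment lines are skipped."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"([^=:\s#!][^=:\s]*)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def check_trust_config(text, platform):
    """Return (severity, message) findings; platform is 'windows', 'zos' or 'other'."""
    props, findings, enabled = parse_properties(text), [], set()
    for flag in FLAGS:
        raw = props.get(flag, "false")  # assumption: an absent flag means disabled
        if raw.lower() not in ("true", "false"):
            findings.append(("error", f"{flag}: expected true or false, got {raw!r}"))
        elif raw.lower() == "true":
            enabled.add(flag)
    if not enabled:  # assumption: at least one source must supply trust anchors
        findings.append(("error", "no trust source enabled"))
    if "ENABLE_SAF_KEYRING" in enabled:
        if platform != "zos":
            findings.append(("error", "ENABLE_SAF_KEYRING is for IBM z/OS only"))
        for key in SAF_KEYS:
            if not props.get(key):
                findings.append(("error", f"{key} is required when ENABLE_SAF_KEYRING=true"))
    else:
        for key in SAF_KEYS:
            if props.get(key):
                findings.append(("warning", f"{key} is set but ENABLE_SAF_KEYRING is not true"))
    if "ENABLE_WINDOWS_BROWSER" in enabled and platform != "windows":
        findings.append(("warning", "Windows certificate store is unavailable on this platform"))
    return findings

# Constructed sample, not a shipped configuration.
SAMPLE = """\
# trust store settings
ENABLE_DEFAULT_CACERTS=false
ENABLE_WINDOWS_BROWSER=yes
ENABLE_SAF_KEYRING=true
SSLSAFKeyringID=
SSLSAFKeyringOwnerID=EXAMPLEOWNER
"""
```

Findings never include the value of JRE_DEFAULT_KEYSTORE, so the output is safe to keep in build or deployment logs.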