YidiXiao
Joined: Jan 21, 2014
Messages: 14
Offline
Hi,
I have a customer question. They saw that there are two options on the runtimeconfig Certificates page:

1. Use system default or externally configured certificate store.
2. Use other: with full path of the key store file

They are using WebSphere 7.x and would like to use the keystore configured on the container (WebSphere JVM), not the one in runtimeconfig. However, even when they check "Use system default or externally configured certificate store" on the runtimeconfig Certificates page, it seems that the OD application still tries to use the key store file configured in option 2. They have two questions:

1. What does option 1 "use system default..." mean and how does it work?
2. In order to use the keystore configured on the container, they have to use option 2 to point to the file referred to by this discussion:

https://www.devconnectprogram.com/forums/posts/list/20036.page#p144896


Thanks,

Yidi
WilsonYu
Joined: Nov 6, 2013
Messages: 3950
Offline
Basically, option 2 in Runtimeconfig sets the following JVM system properties so that any HTTPS client component running on the app server (WebLM being one of them) can make outbound HTTPS connections to its respective server. Option 1 will not set those properties, and lets any HTTPS client component get the secured connection from the app server's configuration. In the case of WebSphere, the system default is the best bet and customers should use the IBM console to perform the necessary configuration; it also depends on the particular HTTPS client component implementation.

javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword
javax.net.ssl.trustStoreType = JKS
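
One way to see from inside the application server JVM which of the two options is in effect, as an added example that is not part of the original thread or of the product. The class name TrustStoreCheck is hypothetical, the code is written to compile on Java 6, and it reports only the JSSE defaults; whether a given HTTPS client component uses them depends on that component.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.*;

// Hypothetical diagnostic (not product code): run it in the same JVM as the application.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.trustStore");
        String pass = System.getProperty("javax.net.ssl.trustStorePassword");
        String type = System.getProperty("javax.net.ssl.trustStoreType",
                                         KeyStore.getDefaultType());
        if (path == null) {
            // Option 1: properties not set, the JVM/container configuration applies.
            System.out.println("javax.net.ssl.trustStore is not set");
        } else {
            // Option 2: an explicit trust store file was forced via system properties.
            System.out.println("trustStore=" + path + " type=" + type
                    + " passwordSet=" + (pass != null)); // never print the password
            File f = new File(path);
            if (!f.isFile() || !f.canRead()) {
                System.out.println("WARNING: trust store file is missing or unreadable");
            } else {
                KeyStore ks = KeyStore.getInstance(type);
                InputStream in = new FileInputStream(f);
                try {
                    ks.load(in, pass == null ? null : pass.toCharArray());
                } finally {
                    in.close();
                }
                for (String alias : Collections.list(ks.aliases())) {
                    System.out.println("  entry: " + alias);
                }
            }
        }
        // What the default JSSE trust manager ends up trusting in this JVM.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                int n = ((X509TrustManager) tm).getAcceptedIssuers().length;
                System.out.println("default trust manager accepts " + n + " issuers");
            }
        }
    }
}
```
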
YidiXiao
Joined: Jan 21, 2014
Messages: 14
Offline
Hi Wilson,
This is very clear and helpful!
I also verified in the lab using Tomcat (I don't have WAS) and it is working as designed.

Thanks,

Yidi