WebSphere FAQs… you don’t ask because they might think you don’t know basics: Part-3

What is a ketstore?

A keystore is a database that contains private keys with their associated certificates. The keystore will be used for encrypting/signing something with your private key

What is A truststore ?

What is a Truststore contains certificates to trust like CA certs and remote server certs. Trust stores will be used mostly to authenticate remote servers etc.

What is root certificate?

a root certificate is either an unsigned public key certificate or a self-signed certificate that identifies the Root Certificate Authority (CA). Digital certificates are verified using a chain of trust. The trust anchor for the digital certificate is the Root Certificate Authority (CA).

A root certificate is the top-most certificate of the tree, the private key of which is used to “sign” other certificates. All certificates immediately below the root certificate inherit the trustworthiness of the root certificate. Certificates further down the tree also depend on the trustworthiness of the intermediates.

The root certificate is usually made trustworthy by some mechanism other than a certificate, such as by secure physical distribution. For example, some of the most well-known root certificates are distributed in the Internet browsers by their manufacturers. [From Wikipedia]

What is an intermediate certificate?

Trusted Root CA certificate can also be used to create another certificate, which in turn will then be used to issue SSL Certificates. So, an intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a certificate chain that begins at the trusted root CA, through the intermediate and ending with the SSL certificate issued to you. Such certificates are called chained root certificates. As the Intermediate Certificate is issued by the Trusted Root CA, any SSL Certificates issued by the Intermediate Certificate inherits the trust of the Trusted Root – effectively creating a certification chain of trust.

Why to use intermediate certificates?

There are mainly two advantages.

1) Creating certificates directly from the CA root certificate increases the risk of root certificate compromise, and if the CA root certificate is compromised, the entire trust infrastructure built by the SSL provider will fail. The usage of intermediate certificates for issuing SSL certificates to end entities, therefore, provides an added level of security.

2) Intermediates also help by constraining the size of the Certificate Revocation List (CRL) associated with a certificate product. By periodically rolling over the intermediate CA that signs the end entity certificates CRL’s are kept to a minimum. Maintaining optimal CRL sizes ensures that customers have a smooth and seamless experience visiting SSL-secured websites while full security is maintained transparently to customers/end users.

What is in-bound and out-bound on the SSL settings in websphere?

Simply imagine the bus routes in your city. They are named north-bound/souuth-bound etc.. Based on the direction they travel.

In websphere inbound/outbound does the same. They specify the direction of the SSL connection. Inbound represents all server endpoints that receive connection. Outbound represents all the client side connections from the carious servers within the cell.

What is a WebSphere application server release means?

Simply it is a new version. Like 6.0, 6.1, 7.0, 8.0 etc. These releases include major new function, archictural changes etc..

What is a refresh pack?

A refresh pack includes minor new features and fixes. Say 6.0.1 is a refresh pack for 6.0 and 6.0.2 is a refresh pack for 6.0.1. Say now you are applying refresh pack 6.0.2, it includes all the fueatures and fixes in 6.0.1 plus fixpack and interm fixes published for 6.0.1.  So a refresh pack is cumulative.

What is a fix pack?

A fix pack is a package of fixes. Fixpacks install on top of refresh packs or on top of previous packs. For example your present software version is 6.1.0 and you are applying, this is called fixpack and will also be called as fixpack 23 for 6.1.0. After applying this fixpack23, your server version will be

A fix pack uninstalls all interm fixes applied to the release since the lasr refresh pack or fixpack was installed. Therefore IBM suggests checking the list of delivered fixes to determine if an intermfix needs to be installed.
May not be correct but in other words, a fix pack is a package of fixes for a refresh pack.

What is fix/interim fix/Emergency fix etc..?

These are single fixes published to resolve/fix an product defect/known issue. The next release of fixpack will contain these interim/emergency fixes and you are expected to apply the new fix pack.

Note: The questions answered in this series are some of the questions i was asked through email from my blog subscribers/users. and questions in part-3 are asked a minimum of 3 times.


One thought on “WebSphere FAQs… you don’t ask because they might think you don’t know basics: Part-3

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s