Some problems about trust anchor
A trust anchor specifies the keystore that contains the trusted root certificates. These certificates are used to verify X.509 certificates embedded in SOAP messages.

The following message points use these keystores to verify X.509 certificates used for digital signature or XML encryption:

Request consumers, as defined in the ibm-webservices-bnd.xmi file.

Response consumers (when one Web service acts as a client of another Web service), as defined in the ibm-webservicesclient-bnd.xmi file.

The keystore is critical to the integrity of digital signature verification. If the keystore is tampered with, the result of digital signature verification cannot be trusted. Therefore, it is recommended that you protect these keystores. The binding configuration specified for the request consumer in the ibm-webservices-bnd.xmi file must match that of the request producer in the ibm-webservicesclient-bnd.xmi file.

A trust anchor is defined as java.security.cert.TrustAnchor in the Java CertPath application programming interface (API). The Java CertPath API uses trust anchors and certificate stores to verify incoming X.509 certificates embedded in SOAP messages. The security implementation of Web services in WebSphere Application Server supports this trust anchor. In WebSphere Application Server, the trust anchor is represented as a Java keystore object. The type, path and password of the keystore are passed to the implementation through the management console or by script.
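
The following added example (plain Java CertPath code, not taken from WebSphere Application Server or from the original page) shows how a keystore becomes a set of java.security.cert.TrustAnchor objects and how a certificate chain is validated against them. It also prints a SHA-256 fingerprint per anchor so that a tampered keystore can be spotted by comparing against a known-good list. The class name, the command-line arguments and the TRUST_KS_PASSWORD environment variable are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.*;

public class TrustAnchorCheck {
    // Turn every trusted-certificate entry of the keystore into a TrustAnchor and
    // print its SHA-256 fingerprint so the set can be compared with a known-good list.
    static Set<TrustAnchor> loadAnchors(String type, String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        Set<TrustAnchor> anchors = new HashSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue;      // skip private-key entries
            X509Certificate root = (X509Certificate) ks.getCertificate(alias);
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(root.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            System.out.println("anchor " + alias + " sha256=" + hex);
            anchors.add(new TrustAnchor(root, null));         // null: no name constraints
        }
        return anchors;
    }

    // Validate a chain (signer certificate first, anchor itself not included).
    // Throws CertPathValidatorException when no anchor vouches for the chain.
    static TrustAnchor validate(List<? extends Certificate> chain, Set<TrustAnchor> anchors)
            throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        PKIXParameters params = new PKIXParameters(anchors);  // rejects an empty anchor set
        params.setRevocationEnabled(false);  // assumption: no CRL/OCSP source configured here
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        return ((PKIXCertPathValidatorResult) validator.validate(path, params)).getTrustAnchor();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical inputs: args = <keystore type> <keystore path> <chain file (PEM or DER)>;
        // the keystore password comes from the TRUST_KS_PASSWORD environment variable.
        char[] pw = System.getenv("TRUST_KS_PASSWORD").toCharArray();
        Set<TrustAnchor> anchors = loadAnchors(args[0], args[1], pw);
        try (InputStream in = new FileInputStream(args[2])) {
            List<Certificate> chain = new ArrayList<>(
                    CertificateFactory.getInstance("X.509").generateCertificates(in));
            TrustAnchor used = validate(chain, anchors);
            System.out.println("trusted via " + used.getTrustedCert().getSubjectX500Principal());
        }
    }
}
```

Any certificate entry added to the keystore becomes an anchor that can vouch for signatures, so an unexpected fingerprint in the output is the signal to investigate before trusting verification results.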