Protecting the keystore file

This topic provides information about protecting the keystore file.

If you have generated a new keystore file specifically for use with IFM, it is best practice to protect it against unauthorized modification. Place the keystore file in the IFM data directory. The default for this directory is /ofm/data on Windows and /opt/ibm/ofm/data on Linux. Also, do not allow universal read access to the keystore file, and only allow write access for system administrators and the user ID that runs IFM.

Windows users can alter file permissions from Windows Explorer. Remove the access for the SYSTEM group and, if necessary, grant read and write permission for the IFM user ID. Linux users can assign the ownership of the keystore file to the IFM user and remove universal access using a command shell.

    chown <ifmuser> <ksfile>
    chmod 640 <ksfile>

The term <ifmuser> is the user ID under which IFM runs. The term <ksfile> is the fully qualified name of the keystore file. Do not include the "<>" characters.
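
To confirm on Linux that the commands above took effect, the following added example (not part of the IFM product or its documentation) audits a keystore file for the expected owner and for the absence of universal access. The function name check_keystore and the script name are hypothetical, and the script assumes a POSIX shell and find.

```shell
#!/bin/sh
# Added example: audit a keystore file against the guidance above.
# Usage: check_keystore <ksfile> <ifmuser>   (returns 0 when compliant)
check_keystore() {
    ks=$1; owner=$2; rc=0
    # The page asks for a fully qualified name; requiring a leading "/"
    # also keeps find(1) from reading the path as an option.
    case $ks in
        /*) ;;
        *) echo "FAIL: '$ks' is not a fully qualified path"; return 2 ;;
    esac
    [ -f "$ks" ] || { echo "FAIL: $ks is not a regular file"; return 2; }

    # find -prune tests only the file itself and prints its path on a match.
    match() { [ -n "$(find "$ks" -prune "$@" 2>/dev/null)" ]; }

    match -user "$owner" ||
        { echo "FAIL: $ks is not owned by $owner"; rc=1; }
    match -perm -600 ||
        { echo "FAIL: owner lacks read/write on $ks"; rc=1; }
    if match \( -perm -004 -o -perm -002 -o -perm -001 \); then
        echo "FAIL: $ks grants access to 'other' (universal access)"; rc=1
    fi
    if match \( -perm -020 -o -perm -010 \); then
        echo "FAIL: $ks grants group write/execute (expected mode 640)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $ks owned by $owner, no universal access"
    return "$rc"
}

# Run directly: sh check_keystore.sh <ksfile> <ifmuser>
if [ "$#" -eq 2 ]; then check_keystore "$1" "$2"; fi
```

A non-zero exit status makes the check usable from a scheduled job or a deployment script, so a keystore whose permissions drift after a restore or copy is reported.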