Configuring digital certificate in WAS 6.1

Vijay Chandran
Ranch Hand

Joined: Jan 07, 2007
Posts: 178
Dear friends,

I have a '.pfx' file given to me for configuration. This is a 'key store' file. The key store type is PKCS12.
I have a 'trust store' file with no file extension but an encrypted file.

I need to configure the '.pfx' file in the Websphere application server 6.1.

I did the following configurations:
I configured the protocol, port number and port in the following link in websphere console:
Security -> SSL certificate and key management > Dynamic outbound endpoint SSL configurations > New
The protocol is HTTPS.

I added the unrestricted jar files in the following path:
C:\Program Files\IBM\WebSphere\AppServer\java\jre\lib\security

I have restarted the server.

I am not clear about the next step.

Following are my queries:
(1) How to import the '.pfx' file digital certificate into the websphere?
(2) Will the keytool command support the '.pfx' file?
(3) How can I verify that the certificate has been imported? Will any xml file or other be updated on websphere?

Request you to kindly provide your help in resolving my issues.


Thanks & Regards,
Vijay


Vijay Chandran
Ranch Hand

Joined: Jan 07, 2007
Posts: 178
Dear friends,

My application must communicate with a secure host using a digital certificate.

I searched on the internet and found out about the ikeyman utility.
I performed the following steps:
(1) I opened the ikeyman.exe file located in this path: C:\Program Files\IBM\WebSphere\AppServer\java\jre\bin
(2) Opened the key database file, which is the '.pfx' file by selecting the key database type as PKCS12.
(3) The ikeyman utility opened the file properly and I selected "Signer Certificates" under the "Key database content" label.
(4) I clicked extract and the utility displayed a dialog box containing the following labels: data type, certificate file name and location.
(5) I selected "Binary DER data" as data type, entered the file name and selected the location and clicked OK.
(6) "Request successful" message appeared at the bottom of the utility and a '.der' file was created at the specified location.

After the above steps,
I issued the following command:

keytool -import -alias AliasName -file "C:/FileName.der" -keystore "C:/Program Files/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts".

Issuing this command should update the "cacerts" file located in this path: C:/Program Files/IBM/WebSphere/AppServer/java/jre/lib/security/

The import was successful. But the cacerts file didn't get updated. But the command created a new cacerts file in this file: C:\Program Files\IBM\WebSphere\AppServer\java\bin

My problems are:
Did I follow the right steps in the ikeyman utility?
Why didn't the command update the existing cacerts file, and why did it create a new file?
If I run the command properly again, will it update the cacerts file or replace the existing cacerts file?

Please help me in resolving the issue.

Thanks & Regards,
Vijay
bird liu
Greenhorn

Joined: May 27, 2009
Posts: 7
What is your scenario? Do you want to configure SSL for a web app, or web service message-level security?
Vijay Chandran
Ranch Hand

Joined: Jan 07, 2007
Posts: 178
I am calling a secure web service.

The web service provider has given a digital certificate which I should configure in the WAS 6.1.

Using this certificate the SSL handshake happens with the web service provider and the WAS.




Thanks,
Vijay
bird liu
Greenhorn

Joined: May 27, 2009
Posts: 7
You mean that the service provider side is already configured (SSL configuration)? If that is the case, the client side is very simple: you need to use keytool or ikeyman to create a self-signed trust store and create an SSL configuration on the client side using the admin console, then do the following in the admin console: SSL certificate and key management > SSL configurations > 'your SSL configuration name' > Key stores and certificates > 'your trust store name' > Signer certificates. On this page, click "Retrieve from port", input your service provider side host name and port number (the port number is the web service's port number, created using the web container transport chain), press the "Retrieve signer information" button, then save it. That is it.
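
Added example, not part of the thread and not WebSphere code: a small Java check for questions (2) and (3) in the first post. It lists what a PKCS12 or JKS store contains and, given the extracted '.der' file, reports whether that signer is present in the store that was supposed to receive it. The class name StoreCheck and all file arguments are hypothetical, and it assumes Java 7 or later; point it at whichever store file the SSL configuration actually uses.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;
// Added example, not from the thread. StoreCheck and all arguments are hypothetical.
// Usage: java StoreCheck <storeFile> <PKCS12|JKS> [signer.der]
public class StoreCheck {
    static String sha256(Certificate cert) throws Exception {
        if (cert == null) return "(no certificate)";
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length < 2 || console == null) {
            System.err.println("usage (interactive terminal): StoreCheck <store> <PKCS12|JKS> [signer.der]");
            System.exit(2);
        }
        // Prompt for the password so it does not end up in shell history or the process list.
        char[] password = console.readPassword("Password for %s: ", args[0]);
        KeyStore store = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, password);
        }
        // Key entry = private key plus chain (the .pfx identity); certificate entry = trusted signer.
        for (String alias : Collections.list(store.aliases())) {
            String kind = store.isKeyEntry(alias) ? "key entry" : "trusted certificate";
            System.out.println(alias + " [" + kind + "] SHA-256=" + sha256(store.getCertificate(alias)));
        }
        if (args.length > 2) {
            Certificate signer;
            try (InputStream in = new FileInputStream(args[2])) {
                signer = CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            // getCertificateAlias returns null when no entry in the store matches this certificate.
            String alias = store.getCertificateAlias(signer);
            System.out.println((alias == null ? "NOT FOUND" : "found as '" + alias + "'") + ": " + sha256(signer));
            System.exit(alias == null ? 1 : 0);
        }
    }
}
```

Running it against both cacerts files mentioned in the second post shows which one actually received the signer; the SHA-256 value can be compared with the fingerprint the service provider publishes for its certificate.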