I have a '.pfx' file given to me for configuration. This is a 'key store' file. The key store type is PKCS12
I have a 'trust store' file with no file extension but an encrypted file.
I need to configure the '.pfx' file in the Websphere applciation server 6.1.
I did the following configurations:
I configured the protocol,port number and port in the following link in websphere console:
Security -> SSL certificate and key management > Dynamic outbound endpoint SSL configurations > New
The protocol is HTTPS.
I added the unrestricted jar files in the following path:
I have restarted the server.
I am not clear about the next step.
Following are my queries:
(1) How to import the '.pfx' file digital certificate in to the websphere
(2) Will the keytool command support the '.pfx' file?
(3) How can i verify that the certificate has been imported? Will any xml file or other be updated on websphere?
Request you to kindly provide your help in resolving my issues.
Thanks & Regards,
Joined: Jan 07, 2007
My application must communicate with a secure host using a digital certificate
I searched in the internet and found about the ikeyman utility.
I performed the following steps:
(1) I opened the ikeyman.exe file located in this path: C:\Program Files\IBM\WebSphere\AppServer\java\jre\bin
(2) Opened the key database file, which is the '.pfx' file by selecting the key database type as PKCS12.
(3) The ikeyman utility opened the file properly and i selected "Signer Certifcates" under the "Key database content" label.
(4) I clicked extract and the utility displayed a dialog box containing the following labels: data type, certificate file name and location.
(5) I selected "Binary DER data" as data type, entered the file name and selected the location and clicked OK.
(6) "Request successful" message appeared at the bottom of the utility and a '.der' file was created at the specified location.
After the above steps,
i issued the following command:
Issuing this command should update the "cacerts" file located in this path: C:/Program Files/IBM/WebSphere/AppServer/java/jre/lib/security/
The import was successful. But the cacerts file didn'get updated. But the command created a new cacerts file in this file: C:\Program Files\IBM\WebSphere\AppServer\java\bin
My problems are?
Did i follow the right steps in the ikeyman utility?
Why the command didn't update the existing cacerts file and created a new file?
If i run the command properly again, will it update the cacerts file or replace the existing cacerts file.
What is your senario? you want to config SSL for a web app or web service message level security?
Joined: Jan 07, 2007
I am calling a secure web service.
The web service provider has given a digital certificate which i should configure it in the WAS 6.1.
Using this certificate the SSL handshake happens with the web service provider and the WAS
Joined: May 27, 2009
You mean that sevice provider side already configured (ssl configuration)? If it is the case, the client side is very simple, you need to use keytool or ikeyman to create a self-signed trust store and create a SSL configuration in client side using admin console, then do the following in admin console: SSL certificate and key management > SSL configurations > 'your SSL configuration name' > Key stores and certificates > 'your trust store name' > Signer certificates, in this page, click retrive from port, input your service provider side host name and port number, the port number number is the web sevices's port number (created using web container transport chain), press retrieve signer information button, then save it. That is it.
subject: Configuring digital certificate in WAS 6.1