Configuring digital certificate in WAS 6.1

 
Ranch Hand
Dear friends,

I have a '.pfx' file given to me for configuration. This is a 'key store' file. The key store type is PKCS12.
I have a 'trust store' file with no file extension but an encrypted file.

I need to configure the '.pfx' file in the WebSphere Application Server 6.1.

I did the following configurations:
I configured the protocol, port number and port in the following link in the WebSphere console:
Security -> SSL certificate and key management > Dynamic outbound endpoint SSL configurations > New
The protocol is HTTPS.

I added the unrestricted jar files in the following path:
C:\Program Files\IBM\WebSphere\AppServer\java\jre\lib\security

I have restarted the server.

I am not clear about the next step.

Following are my queries:
(1) How to import the '.pfx' file digital certificate into WebSphere?
(2) Will the keytool command support the '.pfx' file?
(3) How can I verify that the certificate has been imported? Will any XML file or other file be updated on WebSphere?

Request you to kindly provide your help in resolving my issues.


Thanks & Regards,
Vijay


 
Vijay Chandran
Ranch Hand
Dear friends,

My application must communicate with a secure host using a digital certificate.

I searched the internet and found out about the ikeyman utility.
I performed the following steps:
(1) I opened the ikeyman.exe file located in this path: C:\Program Files\IBM\WebSphere\AppServer\java\jre\bin
(2) Opened the key database file, which is the '.pfx' file by selecting the key database type as PKCS12.
(3) The ikeyman utility opened the file properly and I selected "Signer Certificates" under the "Key database content" label.
(4) I clicked extract and the utility displayed a dialog box containing the following labels: data type, certificate file name and location.
(5) I selected "Binary DER data" as data type, entered the file name and selected the location and clicked OK.
(6) "Request successful" message appeared at the bottom of the utility and a '.der' file was created at the specified location.

After the above steps, I issued the following command:

keytool -import -alias AliasName -file "C:/FileName.der" -keystore "C:/Program Files/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts"

Issuing this command should update the "cacerts" file located in this path: C:/Program Files/IBM/WebSphere/AppServer/java/jre/lib/security/

The import was successful. But the cacerts file didn't get updated. But the command created a new cacerts file in this file: C:\Program Files\IBM\WebSphere\AppServer\java\bin

My problems are:
Did I follow the right steps in the ikeyman utility?
Why didn't the command update the existing cacerts file, and why did it create a new file?
If I run the command properly again, will it update the cacerts file or replace the existing cacerts file?

Please help me in resolving the issue.

Thanks & Regards,
Vijay
 
Greenhorn
What is your scenario? Do you want to configure SSL for a web app, or web service message-level security?
 
Vijay Chandran
Ranch Hand
I am calling a secure web service.

The web service provider has given a digital certificate which I should configure in the WAS 6.1.

Using this certificate the SSL handshake happens with the web service provider and the WAS.




Thanks,
Vijay
 
bird liu
Greenhorn
You mean that the service provider side is already configured (SSL configuration)? If that is the case, the client side is very simple: you need to use keytool or ikeyman to create a self-signed trust store and create an SSL configuration on the client side using the admin console. Then do the following in the admin console: SSL certificate and key management > SSL configurations > 'your SSL configuration name' > Key stores and certificates > 'your trust store name' > Signer certificates. On this page, click Retrieve from port, enter your service provider's host name and port number (the port number is the web service's port number, created using the web container transport chain), press the Retrieve signer information button, then save it. That is it.
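
An added example, not part of the thread and not IBM's tooling: one way to check the import question from the first post with the standard java.security.KeyStore API. It opens the '.pfx' as a PKCS12 store, lists its entries with SHA-256 fingerprints, and reports whether each certificate is present in a trust store; the class name, the argument order and the assumption that the trust store is a JKS file are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Enumeration;

// Hypothetical usage (all four arguments are placeholders supplied by the reader):
//   java CheckStores <file.pfx> <pfxPassword> <trustStoreFile> <trustStorePassword>
public class CheckStores {

    // Load a keystore of the given type; load() throws if the type or password is wrong.
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    // Colon-separated SHA-256 fingerprint of the certificate's DER encoding.
    static String sha256(Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < d.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", d[i]));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyStore pfx = load("PKCS12", args[0], args[1].toCharArray());
        KeyStore trust = load("JKS", args[2], args[3].toCharArray()); // assumption: JKS trust store

        for (Enumeration<String> e = pfx.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            Certificate cert = pfx.getCertificate(alias);
            if (cert == null) continue;
            String kind = pfx.isKeyEntry(alias) ? "key entry" : "trusted certificate";
            // getCertificateAlias returns null when the certificate is not in the store.
            String found = trust.getCertificateAlias(cert);
            System.out.println(alias + " (" + kind + ") SHA-256 " + sha256(cert));
            System.out.println("  in trust store: " + (found == null ? "NO" : "yes, alias " + found));
        }
    }
}
```

Comparing the printed fingerprint with the one the service provider communicates through a separate channel confirms that the certificate in the trust store is the intended one.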
 