If you are using SSL for communication between Content Engine and WebSphere® Application
Server you might receive an SSL
signer error when you test the connection to the application server
or when you run the Deploy Application task. To resolve the issue,
make sure that you have an entry for the SSL signer in the truststore
that Configuration Manager uses.
- Identify the serial number
for the SSL certificate on the web application server.
- From the server where Configuration Manager is installed,
browse to the WebSphere administrative
console address.
- In the Security
Alert dialog box,
click View Certificate.
- Click the Details tab.
- Record the value for Serial number for
the certificate.
- Click OK to
dismiss the Certificate dialog
box.
- Click Yes in
the Security
Alert dialog box to proceed.
- Identify the truststore
location and filename.
- Log in to the WebSphere administrative
console.
- Select .
- Select SSL configurations.
- Click the default SSL setting, NodeDefaultSSLSettings.
- Under the Related items link,
click Key stores and certificates.
- Record the filename in the Path column
for the truststore NodeDefaultTrustStore, such
as trust.p12.
- Start IBM® Key Management
by entering one of the following commands at a command prompt:
Option |
Description |
UNIX® |
WAS-Home/AppServer/bin/ikeyman.sh |
Windows® |
WAS-Home\AppServer\bin\ikeyman.bat |
- Select .
- For the Key database type,
select PKCS12.
- Click Browse to
locate the filename
you recorded in step 2. For example, the File Name filed contains the filename, such
as trust.p12. The Location field
contains the absolute path to the truststore, such as C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\etc\ for Windows.
- Click OK.
- Enter the password and click OK. The
default password is WebAS.
- Locate the signer certificate with the
serial number that
matches the serial number that you recorded in step 1.
- Double-click a certificate name other than default_signer to
view the serial number for the certificate.
- Click OK to close the dialog
box.
- Repeat until you have located the
correct signer certificate.
- Extract the certificate.
- Select the signer certificate with the correct serial
number, and click Extract.
- Provide a name and location, and then click OK.
- Add the certificate that you
extracted to the trust file
for Content Engine.
- Open the DummyClientTrustFile.jks key
database file located in the WebSphere profile
for Content Engine, such as C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\etc\ for Windows.
- Add the certificate that you extracted in step 6.
- Close IBM Key
Management.