FileNet P8 Content Engine, Version 5.0.+
Application server: WebSphere Application Server

Adding an SSL signer to the Configuration Manager keystore (WebSphere)

If you are using SSL for communication between Content Engine and WebSphere® Application Server, you might receive an SSL signer error when you test the connection to the application server or when you run the Deploy Application task. To resolve the issue, make sure that the truststore that Configuration Manager uses contains an entry for the SSL signer.

  1. Identify the serial number for the SSL certificate on the web application server.
    1. From the server where Configuration Manager is installed, browse to the WebSphere administrative console address.
    2. In the Security Alert dialog box, click View Certificate.
    3. Click the Details tab.
    4. Record the value for Serial number for the certificate.
    5. Click OK to dismiss the Certificate dialog box.
    6. Click Yes in the Security Alert dialog box to proceed.
  2. Identify the truststore location and filename.
    1. Log in to the WebSphere administrative console.
    2. Select Security > SSL certificate and key management.
    3. Select SSL configurations.
    4. Click the default SSL setting, NodeDefaultSSLSettings.
    5. Under the Related items link, click Key stores and certificates.
    6. Record the filename in the Path column for the truststore NodeDefaultTrustStore, such as trust.p12.
  3. Start IBM® Key Management by entering one of the following commands at a command prompt:
    Option      Description
    UNIX®       WAS-Home/AppServer/bin/ikeyman.sh
    Windows®    WAS-Home\AppServer\bin\ikeyman.bat
  4. Select Key Database File > Open.
    1. For the Key database type, select PKCS12.
    2. Click Browse to locate the filename you recorded in step 2. For example, the File Name field contains the filename, such as trust.p12. The Location field contains the absolute path to the truststore, such as C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\etc\ for Windows.
    3. Click OK.
    4. Enter the password and click OK. The default password is WebAS.
  5. Locate the signer certificate with the serial number that matches the serial number that you recorded in step 1.
    1. Double-click a certificate name other than default_signer to view the serial number for the certificate.
    2. Click OK to close the dialog box.
    3. Repeat until you have located the correct signer certificate.
  6. Extract the certificate.
    1. Select the signer certificate with the correct serial number, and click Extract.
    2. Provide a name and location, and then click OK.
  7. Add the certificate that you extracted to the trust file for Content Engine.
    1. Open the DummyClientTrustFile.jks key database file located in the WebSphere profile for Content Engine, such as C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\etc\ for Windows.
    2. Add the certificate that you extracted in step 6.
  8. Close IBM Key Management.
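
A command-line sketch of steps 4 through 7, added here as an example; it is not part of the IBM procedure. It assumes a JDK keytool on the PATH that supports the :env password modifier; the function names, the SRC_PASS and DEST_PASS variable names, and the sample listing are constructed for illustration. The serial number is normalized before comparison because a browser certificate dialog typically shows it with separators and leading zeros, while keytool prints bare lowercase hex.

```shell
#!/bin/sh
# Normalize a serial for comparison: strip spaces/colons, lowercase,
# and drop leading zeros (keytool prints "4a5b6c7", a dialog "04 A5 B6 C7").
norm_serial() {
    printf '%s' "$1" | tr -d ' :\r\n' | tr 'A-F' 'a-f' | sed 's/^0*//'
}

# Read `keytool -list -v` output on stdin and print the alias whose
# certificate serial matches $1. Returns non-zero when nothing matches.
alias_for_serial() {
    want=$(norm_serial "$1")
    awk -v want="$want" '
        /^Alias name: /    { alias = substr($0, 13) }
        /^Serial number: / { s = tolower(substr($0, 16))
                             gsub(/[ :]/, "", s); sub(/^0+/, "", s)
                             if (s == want) { print alias; found = 1; exit } }
        END { exit (found ? 0 : 1) }'
}

# Export the matching signer from the PKCS12 truststore ($2) and import it
# into the JKS trust file ($3). Passwords come from the environment so they
# do not appear in the process list.
copy_signer() {  # usage: copy_signer SERIAL trust.p12 DummyClientTrustFile.jks
    signer=$(keytool -list -v -keystore "$2" -storetype PKCS12 \
                 -storepass:env SRC_PASS | alias_for_serial "$1") || {
        echo "no signer with serial $1 in $2" >&2; return 1; }
    out=$(mktemp) || return 1
    rc=0
    { keytool -exportcert -rfc -alias "$signer" -keystore "$2" \
              -storetype PKCS12 -storepass:env SRC_PASS -file "$out" &&
      keytool -importcert -noprompt -alias "$signer" -file "$out" \
              -keystore "$3" -storetype JKS -storepass:env DEST_PASS
    } || rc=$?
    rm -f "$out"; return $rc
}

# Constructed sample of `keytool -list -v` output (not from a real keystore).
SAMPLE='Alias name: default_signer
Serial number: 1f2e3d
Alias name: cell_signer
Serial number: 4a5b6c7'

# Demo on the sample: the serial as a certificate dialog would display it.
printf '%s\n' "$SAMPLE" | alias_for_serial '04 A5 B6 C7'
```

Importing with -noprompt skips keytool's interactive trust confirmation, so the serial number passed in must be the one recorded in step 1.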



Last updated: November 2010


© Copyright IBM Corporation 2010.