FileNet P8 Content Search Engine, Version 5.2.1
Application server: WebSphere Application Server
Operating systems: AIX, Linux, Linux on System z, Solaris, Windows

Deploying a self-signed certificate on the Content Platform Engine server (WebSphere Application Server)

To secure the Content Platform Engine server end of the communication with another server, you need to deploy the self-signed certificate that you generated on the other server into the keystore on the Content Platform Engine server.

Before you begin

Ensure that WebSphere® Deployment Manager and the WebSphere node agent are running and that all instances of Content Platform Engine are stopped.

Procedure

To deploy a self-signed certificate on Content Platform Engine:

  1. From the command line on the IBM® Content Search Services server, navigate to the YourCSSfolder\bin folder. YourCSSfolder is the folder where you installed IBM Content Search Services.
  2. Export the certificate to a file by running the following command:
    keytool -export -alias YourSelfSignedAlias -keypass YourKeyPassword -keystore selfSignedServerStore -storepass YourStorePassword -file selfSignedCert.cer
  3. Copy the selfSignedCert.cer file to a folder on the Content Platform Engine server, for example, C:\IBM\cssKeystore.
  4. On the Content Platform Engine server, log on to the WebSphere Integrated Solutions Console.
  5. Navigate to Security > SSL certificates and key management.
  6. Navigate to the signer certificates page, depending on the type of your WebSphere installation:
    • WebSphere base edition or stand-alone environment: Key stores and certificates > NodeDefaultTrustStore > Signer certificates
    • WebSphere ND: Key stores and certificates > CellDefaultTrustStore > Signer certificates
  7. Click Add.
  8. Type a certificate alias (for example, YourAlias) in the Alias field. The alias is how the certificate is referenced in the keystore. The alias you enter must differ from any existing alias in the keystore.
  9. In the File Name field, type the path and file name of the certificate (for example, C:\IBM\cssKeystore\selfSignedCert.cer).
  10. In the Data Type field, select Base64-encoded ASCII data.
  11. Click Apply and then click Save to save your changes to the master configuration of WebSphere.
  12. Navigate to Servers > Server Types > WebSphere application servers.
  13. For each server instance (for example, server1, server2,...) complete the following substeps to set Java™ system parameters on the Content Platform Engine application server and to change the keystore type to pkcs12:
    1. Navigate to servern > Java and Process Management > Process Definition > Java Virtual Machine and add these two parameters in the Generic JVM arguments field:
      • -Djavax.net.ssl.trustStore=path_to_WebSphere_default_trustStore

        For example:

        -Djavax.net.ssl.trustStore=C:\Progra~1\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\MyServerCell01\trust.p12

        MyServerCell01 should reflect the value in your environment.

      • -Djavax.net.ssl.trustStorePassword=WebSphere_trustStore_password

        For example:

        -Djavax.net.ssl.trustStorePassword=WebAS

        Note that WebAS is the default password for the default truststore in WebSphere.

    2. In the WAS_HOME/java/jre/lib/security/java.security file, set the keystore type to pkcs12:
      keystore.type=pkcs12 

      If your application server is clustered, repeat this java.security file edit on each Content Platform Engine node in the cluster.

  14. If your application server is clustered, synchronize your changes to all the nodes in the cluster:
    1. Navigate to System Administration > Nodes.
    2. Select all the nodes in the cluster, and then click Full Resynchronize.
  15. In a command window, stop WebSphere Deployment Manager. When the stop command completes, restart WebSphere Deployment Manager:
    stopManager.bat -username username -password password
    startManager.bat
  16. Restart the node agents:
    1. Log on to the WebSphere Integrated Solutions Console.
    2. Navigate to System Administration > Node agents.
    3. Select all the node agents, and then click Restart.
  17. Restart the Content Platform Engine instances on the application server.
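
Added example (not part of the IBM procedure or IBM code): a Python check to run on the copied selfSignedCert.cer before step 7. It confirms that the file is the certificate exported in step 2 and that its encoding matches the Data Type selected in step 10. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import sys

# Constructed stand-in (a tiny DER SEQUENCE), not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def inspect_cert(data):
    """Return (encoding, sha256_hex) for the contents of a certificate file.

    encoding is "base64" for PEM text and "der" for binary DER. The digest is
    taken over the DER bytes, so both encodings of one certificate agree.
    """
    match = PEM_RE.search(data)
    if match:
        body = b"".join(match.group(1).split())
        der, encoding = base64.b64decode(body, validate=True), "base64"
    else:
        der, encoding = data, "der"
    # A certificate is an ASN.1 SEQUENCE, so its DER form starts with 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("not a PEM or DER certificate")
    return encoding, hashlib.sha256(der).hexdigest()


def safe_to_import(data, expected_sha256, console_data_type="base64"):
    """True only if the fingerprint matches the value recorded at export time
    and the encoding matches the Data Type chosen in the console (step 10)."""
    encoding, digest = inspect_cert(data)
    expected = expected_sha256.replace(":", "").strip().lower()
    return encoding == console_data_type and digest == expected


if __name__ == "__main__":
    if len(sys.argv) == 3:          # usage: script.py selfSignedCert.cer <sha256>
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print(inspect_cert(blob))
        print("OK" if safe_to_import(blob, sys.argv[2]) else "DO NOT IMPORT")
    else:                           # no arguments: run on the constructed sample
        print(inspect_cert(SAMPLE_DER))
```

Run it once on the IBM Content Search Services server to record the digest, then on the Content Platform Engine server against the copied file.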


Last updated: March 2016

© Copyright IBM Corporation 2013, 2016.