Content Platform Engine, Version 5.2.1
Application server: WebSphere Application Server

Adding an SSL signer to the Configuration Manager keystore (WebSphere)

If you are using SSL for communication between Configuration Manager and WebSphere® Application Server, you might receive an SSL signer error when you test the connection to the application server or when you run the Deploy Application task. To resolve the issue, make sure that the truststore that Configuration Manager uses contains an entry for the SSL signer.

Procedure

  1. Identify the serial number for the SSL certificate on the web application server.
    1. From the server where Configuration Manager is installed, browse to the WebSphere administrative console address.
    2. In the Security Alert dialog box, click View Certificate.
    3. Click the Details tab.
    4. Record the value for Serial number for the certificate.
    5. Click OK to dismiss the Certificate dialog box.
    6. Click Yes in the Security Alert dialog box to proceed.
  2. Identify the truststore location and filename.
    1. Log in to the WebSphere administrative console.
    2. Select Security > SSL certificate and key management.
    3. Select SSL configurations.
    4. Click the default SSL setting, NodeDefaultSSLSettings.
    5. Under the Related items link, click Key stores and certificates.
    6. Record the filename, such as trust.p12, in the Path column of the resource to be updated:
      Table 1. Resources to be updated
      Application server type                                                | Name of resource to be updated
      IBM® WebSphere Application Server                                      | NodeDefaultTrustStore
      Clusters built on IBM WebSphere Application Server Network Deployment  | CellDefaultSSLSettings
  3. Start IBM Key Management by entering one of the following commands from the command line:
    Operating system                                          | Command
    AIX®, HPUX, HPUXi, Linux, Linux on System z®, Solaris     | WAS-Home/AppServer/bin/ikeyman.sh
    Windows                                                   | WAS-Home\AppServer\bin\ikeyman.bat
  4. Select Key Database File > Open.
    1. For the Key database type, select PKCS12.
    2. Click Browse to locate the filename you recorded in step 2. For example, the File Name field contains the filename, such as trust.p12. The Location field contains the absolute path to the truststore, such as C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\etc\ for Windows.
    3. Click OK.
    4. Enter the password and click OK. The default password is WebAS.
  5. Locate the signer certificate with the serial number that matches the serial number that you recorded in step 1.
    1. Double-click a certificate name other than default_signer to view the serial number for the certificate.
    2. Click OK to close the dialog box.
    3. Repeat until you have located the correct signer certificate.
  6. Extract the certificate.
    1. Select the signer certificate with the correct serial number, and click Extract.
    2. Provide a name and location, and then click OK.
  7. Add the certificate that you extracted to the trust file for Content Platform Engine.
    1. Open the DummyClientTrustFile.jks key database file located in the WebSphere profile for Content Platform Engine, such as C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\etc\ for Windows.
    2. Add the certificate that you extracted in step 6.
  8. Close IBM Key Management.
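
The serial-number match in step 5 can also be done from a command line. The following shell functions are an added example, not part of the original IBM procedure: they filter keytool -list -v output for the alias whose serial number equals the one recorded in step 1, ignoring separators, letter case and leading zeros. Using the JDK keytool in place of IBM Key Management is an assumption, and the keystore listing, aliases and serial values are constructed.

```shell
#!/bin/sh
# Added example; the keystore listing below is constructed sample data.

# Reduce a serial number to bare uppercase hex: a browser dialog may show
# "00 4a 5b 6c" where keytool prints "4a5b6c" for the same certificate.
normalize_serial() {
  printf '%s' "$1" | tr -d ' :\t\r\n-' | tr 'abcdef' 'ABCDEF' | sed 's/^0*//'
}

# Read "keytool -list -v" output on stdin and print every alias whose
# certificate serial number equals $1 (the value recorded in step 1).
find_alias_by_serial() {
  want=$(normalize_serial "$1")
  tr -d '\r' | while IFS= read -r line; do
    case $line in
      "Alias name: "*) entry=${line#"Alias name: "} ;;
      "Serial number: "*)
        serial=${line#"Serial number: "}
        if [ "$(normalize_serial "$serial")" = "$want" ]; then
          printf '%s\n' "$entry"
        fi ;;
    esac
  done
}

# Constructed listing in the layout that "keytool -list -v" prints.
sample_keytool_output() {
  cat <<'EOF'
Keystore type: PKCS12

Your keystore contains 2 entries

Alias name: default_signer
Entry type: trustedCertEntry
Owner: CN=node01.example.test, OU=Constructed
Serial number: 1f2e3d4c5b

Alias name: cell_root
Entry type: trustedCertEntry
Owner: CN=cell-root.example.test, OU=Constructed
Serial number: 4a5b6c7d8e9f
EOF
}

# Serial as copied from a browser certificate dialog (constructed value).
sample_keytool_output | find_alias_by_serial "00 4A 5B 6C 7D 8E 9F"

# Against a real truststore (path is a placeholder):
#   keytool -list -v -storetype PKCS12 -keystore /path/to/trust.p12 \
#     | find_alias_by_serial "<serial from step 1>"
```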


Last updated: March 2016

© Copyright IBM Corporation 2013, 2016.