WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Message Sets: Accepting self-signed certificates when importing WSDL

You can import WSDLs that reference schemas on self-signed secure HTTPS servers by adding security certificates to the Java™ Virtual Machine (JVM).

The following procedure enables you to add certificates from the SSL server to each instance of your JVM.

If you are using Windows 7, you must enter the commands from a console that has administration privileges.

  1. Obtain the certificate from the server (it is a .cer file) and copy it somewhere into your file system.

    This example uses D:\mb.cer

  2. Open a command prompt and navigate to your Java runtime environment (JRE) bin directory that is located in your WebSphere® Message Broker install directory, for example, C:\Program Files\IBM\WMBT800\jdk\jre\bin.
  3. Type in keytool -printcert -file D:\mb.cer
  4. You obtain some output, and the important parameter to check is the CN= value.

    The value should be the same as the server name from which the WSDL is requesting files.

  5. Input the certificate into a new keystore file.
    1. This procedure assumes that you can store your keystore file in D:\mb.keystore

      Note that the alias must be the same name as the server and the name can be anything you require.

      For example, the name can be of the form <userID>.<servername>.ibm.com or subdomain.messagebroker.com

      The example within this topic uses the form <userID>.<servername>.ibm.com

    2. Type in:
      keytool -import -alias <userID>.<servername>.ibm.com -file D:\mb.cer -keystore D:\mb.keystore
    3. Import the certificate into a keystore file.

      You are either asked for a password, or you need to create a password when the system requests one. This is the password used in Step 7, and the example within this topic uses the word broker.

    4. Select Yes to trust the certificate.
  6. Add the keystore as an argument when you start WebSphere Message Broker.

    You must do this so that you can use the certificates you have just added to the keystore.

    1. Go back three directories to: C:\Program Files\IBM\WMBT800.
  7. Type in:
    mb -vmargs -Djavax.net.ssl.trustStore=d:\\mb.keystore -Djavax.net.ssl.trustStorePassword=broker
  8. Validate and import the WSDL
You obtain a console output that is of the following format:

C:\Program Files\IBM\WMBT800\jdk\jre\bin>keytool -printcert -file d:\mb.cer
Owner: EMAILADDRESS=jdoe@xx.ibm.com, CN=<userID>.<servername>.ibm.com, OU=Message Broker Toolkit, O=IBM, ST=<anystate>, C=<anycountry>
Issuer: EMAILADDRESS=jdoe@xx.ibm.com, CN=<userID>.<servername>.ibm.com, OU=Message Broker Toolkit, O=IBM, ST=<anystate>, C=<anycountry>
Serial number: e1cabb1486f2bc7f
Valid from: 9/27/10 12:33 PM until: 9/27/11 12:33 PM
Certificate fingerprints:
         MD5:  ED:9B:BD:1C:C7:B5:8D:6E:F3:21:B7:92:26:25:52:9B
         SHA1: 5C:DE:70:CF:A5:64:96:16:C3:ED:4E:2C:A2:6E:EA:D3:A5:4B:69:BC

C:\Program Files\IBM\WMBT800\jdk\jre\bin>keytool -import -alias <userID>.<servername>.ibm.com -file d:\mb.cer -keystore d:\mb.keystore
Enter keystore password:
Re-enter new password:
Owner: EMAILADDRESS=jdoe@xx.ibm.com, CN=<userID>.<servername>.ibm.com, OU=Message Broker Toolkit, O=IBM, ST=<anystate>, C=<anycountry>
Issuer: EMAILADDRESS=jdoe@xx.ibm.com, CN=<userID>.<servername>.ibm.com, OU=Message Broker Toolkit, O=IBM, ST=<anystate>, C=<anycountry>
Serial number: e1cabb1486f2bc7f
Valid from: 9/27/10 12:33 PM until: 9/27/11 12:33 PM
Certificate fingerprints:
         MD5:  ED:9B:BD:1C:C7:B5:8D:6E:F3:21:B7:92:26:25:52:9B
         SHA1: 5C:DE:70:CF:A5:64:96:16:C3:ED:4E:2C:A2:6E:EA:D3:A5:4B:69:BC
Trust this certificate? [no]:  yes
Certificate was added to keystore

C:\Program Files\IBM\WMBT800\jdk\jre\bin>cd ..

C:\Program Files\IBM\WMBT800\jdk\jre>cd ..

C:\Program Files\IBM\WMBT800\jdk>cd ..

C:\Program Files\IBM\WMBT800>mb -vmargs -Djavax.net.ssl.trustStore=d:\\mb.keystore -Djavax.net.ssl.trustStorePassword=broker

C:\Program Files\IBM\WMBT800>

If an error occurs during the import of a WSDL definition, carefully check any errors that are reported. By default, all errors are written both to the screen and to the file that has the format *.wsdl.report.txt.
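
The CN check in step 4, carried a little further as an added example (not part of the IBM documentation): a Python script that parses `keytool -printcert` output in the layout shown in the console output above and checks it before you answer yes to the trust prompt. The function names, the sample host names, and the idea of comparing the SHA1 fingerprint with a value obtained separately from the server's administrator are assumptions; the date layout is the one printed on this page.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the console output on this page; the
# <userID>/<servername> placeholders are replaced with made-up names.
SAMPLE = """\
Owner: EMAILADDRESS=jdoe@xx.example.com, CN=jdoe.server1.example.com, OU=Message Broker Toolkit, O=IBM, ST=NY, C=US
Issuer: EMAILADDRESS=jdoe@xx.example.com, CN=jdoe.server1.example.com, OU=Message Broker Toolkit, O=IBM, ST=NY, C=US
Serial number: e1cabb1486f2bc7f
Valid from: 9/27/10 12:33 PM until: 9/27/11 12:33 PM
Certificate fingerprints:
         MD5:  ED:9B:BD:1C:C7:B5:8D:6E:F3:21:B7:92:26:25:52:9B
         SHA1: 5C:DE:70:CF:A5:64:96:16:C3:ED:4E:2C:A2:6E:EA:D3:A5:4B:69:BC
"""
SAMPLE_SHA1 = "5C:DE:70:CF:A5:64:96:16:C3:ED:4E:2C:A2:6E:EA:D3:A5:4B:69:BC"
DATE_FMT = "%m/%d/%y %I:%M %p"  # date layout used in the output above

def parse_printcert(text):
    """Pull out the fields a reviewer compares before answering 'yes'."""
    def field(name):
        m = re.search(rf"^[ \t]*{name}:[ \t]*(.+)$", text, re.MULTILINE)
        return m.group(1).strip() if m else None
    owner, valid = field("Owner"), field("Valid from")
    cn = re.search(r"(?:^|,\s*)CN=([^,]+)", owner or "")
    dates = re.match(r"(.+?)\s+until:\s*(.+)", valid or "")
    if not (owner and cn and dates):
        raise ValueError("not keytool -printcert output in the expected layout")
    return {"owner": owner, "issuer": field("Issuer"), "cn": cn.group(1).strip(),
            "not_before": datetime.strptime(dates.group(1), DATE_FMT),
            "not_after": datetime.strptime(dates.group(2).strip(), DATE_FMT),
            "sha1": field("SHA1")}

def check(text, server_name, expected_sha1, now):
    """Return a list of problems; an empty list means the checks passed."""
    c, problems = parse_printcert(text), []
    if c["cn"].lower() != server_name.lower():
        problems.append(f"CN {c['cn']} does not match server name {server_name}")
    if c["owner"] != c["issuer"]:
        problems.append("Owner and Issuer differ: certificate is not self-signed")
    if not c["not_before"] <= now <= c["not_after"]:
        problems.append(f"outside validity period, not after {c['not_after']}")
    if (c["sha1"] or "").upper() != expected_sha1.upper():
        problems.append("SHA1 fingerprint differs from the expected value")
    return problems

if __name__ == "__main__":
    # Wrong host and current date: reports the CN mismatch and the expiry.
    for p in check(SAMPLE, "other.example.com", SAMPLE_SHA1, datetime.now()):
        print("PROBLEM:", p)
```

To use it on a real certificate, redirect the output of the step 3 command to a file and pass that file's contents as `text`.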


Copyright IBM Corporation 1999, 2016.

Last updated: 2016-05-23 14:48:01

Task topic | Version 8.0.0.7 | bd13710_