IBM Integration Bus, Version 10.0.0.17 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Message Sets: Accepting self-signed certificates when importing WSDL

You can import WSDLs that reference schemas on self-signed secure HTTPS servers by adding security certificates to the Java™ Virtual Machine (JVM).

About this task

The following procedure enables you to add certificates from the SSL server to each instance of your JVM.

If you are using Windows 7, you must enter the commands from a console that has administration privileges.

Procedure

  1. Obtain the certificate from the server (it is a .cer file) and copy it into your filesystem.

    This example uses D:\mb.cer

  2. Open a command prompt and navigate to your Java runtime environment (JRE) bin directory that is located in your IBM® Integration Bus install directory, for example, C:\Program Files\IBM\IIB\10.0.0.n\tools\common\jdk\jre\bin.
  3. Type in keytool -printcert -file D:\mb.cer
  4. You obtain some output, and the important parameter to check is the CN= value.

    The value should be the same as the server name from which the WSDL is requesting files.

  5. Input the certificate into a new keystore file.
    1. This procedure assumes that you can store your keystore file in D:\mb.keystore

      Note that the alias must be the same name as the server, and the name can be anything you require.

      For example, the name can be of the form <userID>.<servername>.ibm.com or subdomain.integrationbus.com

      The example within this topic uses the form <userID>.<servername>.ibm.com

    2. Type in:
      keytool -import -alias <userID>.<servername>.ibm.com -file D:\mb.cer -keystore D:\mb.keystore
    3. Import the certificate into a keystore file.

      You are either asked for a password, or you need to create a password when the system requests one. This is the password used in Step 7, and the example within this topic uses the word password.

    4. Select Yes to trust the certificate.
  6. Add the keystore as an argument when you start IBM Integration Bus.

    You must do this so that you can use the certificates you have just added to the keystore.

    1. Go back to C:\Program Files\IBM\IIB\10.0.0.n\tools.
  7. Type in:
    mb -vmargs -Djavax.net.ssl.trustStore=d:\\mb.keystore -Djavax.net.ssl.trustStorePassword=password
  8. Validate and import the WSDL

Results

You obtain a console output that is of the following format:
C:\Program Files\IBM\IIB\10.0.0.n\tools\common\jdk\jre\bin>keytool -printcert -file d:\mb.cer
Owner: EMAILADDRESS=jdoe@xx.ibm.com, CN=<userID>.<servername>.ibm.com, OU=Integration, O=IBM, ST=<anystate>, C=<anycountry>
Issuer: EMAILADDRESS=jdoe@xx.ibm.com, CN=<userID>.<servername>.ibm.com, OU=Integration, O=IBM, ST=<anystate>, C=<anycountry>
Serial number: e1cabb1486f2bc7f
Valid from: 9/27/10 12:33 PM until: 9/27/11 12:33 PM
Certificate fingerprints:
         MD5:  ED:9B:BD:1C:C7:B5:8D:6E:F3:21:B7:92:26:25:52:9B
         SHA1: 5C:DE:70:CF:A5:64:96:16:C3:ED:4E:2C:A2:6E:EA:D3:A5:4B:69:BC

C:\Program Files\IBM\IIB\10.0.0.n\tools\common\jdk\jre\bin>keytool -import -alias <userID>.<servername>.ibm.com -file d:\mb.cer -keystore  d:\mb.keystore
Enter keystore password:
Re-enter new password:
Owner: EMAILADDRESS=jdoe@xx.ibm.com, CN=<userID>.<servername>.ibm.com,
 OU=Integration, O=IBM, ST=<anystate>, C=<anycountry>
Issuer: EMAILADDRESS=jdoe@xx.ibm.com, CN=<userID>.<servername>.ibm.com,
OU=Integration, O=IBM, ST=<anystate>, C=<anycountry>
Serial number: e1cabb1486f2bc7f
Valid from: 9/27/10 12:33 PM until: 9/27/11 12:33 PM
Certificate fingerprints:
         MD5:  ED:9B:BD:1C:C7:B5:8D:6E:F3:21:B7:92:26:25:52:9B
         SHA1: 5C:DE:70:CF:A5:64:96:16:C3:ED:4E:2C:A2:6E:EA:D3:A5:4B:69:BC
Trust this certificate? [no]:  yes
Certificate was added to keystore

C:\Program Files\IBM\IIB\10.0.0.n\tools\common\jdk\jre\bin>cd ..

C:\Program Files\IBM\IIB\10.0.0.n\tools\common\jdk\jre>cd ..

C:\Program Files\IBM\IIB\10.0.0.n\tools\common\jdk>cd ..

C:\Program Files\IBM\IIB\10.0.0.n\tools>mb -vmargs -Djavax.net.ssl.trustStore=d:\\mb.keystore -Djavax.net.ssl.trustStorePassword=password

C:\Program Files\IBM\IIB\10.0.0.n\tools>

If an error occurs during the import of a WSDL definition, carefully check any errors that are reported. By default, all errors are written both to the screen and to the file that has the format *.wsdl.report.txt.
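
The check in steps 3 and 4 can be scripted over saved `keytool -printcert` output before you answer yes to the trust prompt. The following is an added example, not IBM code: the function names, the sample host `schemas.example.com`, the US-style date format, and the idea of a pinned SHA1 fingerprint obtained from the server owner through a separate channel are all assumptions. Because a self-signed certificate has no CA chain behind it, comparing the fingerprint is what ties the .cer file to the real server.

```python
import re
from datetime import datetime

# Constructed sample in the layout of `keytool -printcert` output; the host,
# serial number and fingerprint are made up for this example.
SAMPLE = """\
Owner: EMAILADDRESS=jdoe@example.com, CN=schemas.example.com, OU=Integration, O=Example
Issuer: EMAILADDRESS=jdoe@example.com, CN=schemas.example.com, OU=Integration, O=Example
Serial number: 0123456789abcdef
Valid from: 9/27/10 12:33 PM until: 9/27/11 12:33 PM
Certificate fingerprints:
         SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
"""
DATE_FMT = "%m/%d/%y %I:%M %p"  # assumption: US-style dates, as in the sample

def _field(text, label):
    # First line of the form "<label>: value", ignoring leading indentation.
    m = re.search(rf"^[ \t]*{label}:[ \t]*(.+)$", text, re.MULTILINE)
    return m.group(1).strip() if m else None

def parse_printcert(text):
    """Pull out the fields an operator inspects before trusting the certificate."""
    owner = _field(text, "Owner") or ""
    cn = re.search(r"(?:^|,\s*)CN=([^,]+)", owner)
    valid = re.search(r"Valid from: (.+?) until: (.+)", text)
    if not valid:
        raise ValueError("no 'Valid from ... until ...' line found")
    return {
        "cn": cn.group(1).strip() if cn else None,
        "self_signed": bool(owner) and owner == _field(text, "Issuer"),
        "not_before": datetime.strptime(valid.group(1).strip(), DATE_FMT),
        "not_after": datetime.strptime(valid.group(2).strip(), DATE_FMT),
        "sha1": (_field(text, "SHA1") or "").replace(":", "").lower(),
    }

def check_before_import(text, expected_host, pinned_sha1, now):
    """Return a list of problems; an empty list means the import can proceed."""
    cert, problems = parse_printcert(text), []
    if (cert["cn"] or "").lower() != expected_host.lower():
        problems.append("CN does not match the server the WSDL references")
    if cert["sha1"] != pinned_sha1.replace(":", "").lower():
        problems.append("SHA1 fingerprint differs from the pinned value")
    if not cert["not_before"] <= now <= cert["not_after"]:
        problems.append("certificate is outside its validity period")
    return problems

if __name__ == "__main__":
    pin = "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33"
    print(check_before_import(SAMPLE, "schemas.example.com", pin, datetime.now()))
```

Run against the sample with the current date, the script reports the certificate as outside its validity period, the same condition the page's own sample output (valid until 9/27/11) would show today.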


bd13710_.htm | Last updated 2019-07-13 08:13:36