ACert tool checks SSL certificates for expiration
dates
Downloadable files
Abstract
A command-line tool checks expiration dates of all SSL
certificates defined in WebSphere® Application Server SSL
repositories.
Download Description
ACert is a command-line tool that checks the WebSphere Application
Server expiration dates of all SSL certificates defined in Application
Server SSL repertoires. The expiration dates of each certificate are
displayed.
Checking SSL certificates can help avoid application failures due to
expired SSL certificates used for authentication within the Application
Server and secure communications between the Application Server and the
plug-in running within a Web server.
ACert does not check the WebSphere truststore for expired certificates,
only SSL certificates that are defined in SSL repertoires.
History:
10 July 2005: Updated to reflect support for V6.0
13 April 2005: Updated Windows® image to resolve usage issues
14 March 2005: Provided Windows, UNIX® and iSeries® unique images to
simplify installation
10 March 2005: Revised installation instructions
31 March 2004: Created
Prerequisites
WebSphere Application Server V5.0, V5.1 or V6.0 installation.
Installation Instructions
To install ACert on Windows (WebSphere 5.x), unzip the file into the
root directory of the WebSphere Application Server to be checked:
For WebSphere Application Server base, unzip ACert.zip
into the install_root directory. For example,
c:\WebSphere\AppServer
For Network Deployment, unzip into the Network Deployment
nd_install_root directory.
If there is any possibility that different certificates have been
installed in other nodes, or if you are not sure whether unique
certificates will be installed on some nodes, unzip ACert into those nodes
as well.
Instructions for "Using JAR to open WebSphere Fix Pack zip files" are
below.
To launch the tool on Microsoft® Windows® (WebSphere 5.x):
Open a command window.
Change directory to install_root\bin . If you are running ACert
in a Network Deployment environment, change to the
nd_install_root\bin directory.
Type launchacert.bat and press Enter.
Note: In previous versions of ACert, a mistake in the bat file
prevented it from launching correctly, particularly if WebSphere installed
in a directory containing blanks in the directory name (such as Program
Files). The phrase com.ibm.ws.bootstrap.WSLauncher ACert
%"WAS_HOME"% or com.ibm.ws.bootstrap.WSLauncher ACert
%WAS_HOME% should read,com.ibm.ws.bootstrap.WSLauncher ACert
"%WAS_HOME%"
On Windows®, be sure to execute launchACert.bat.
launchACert (no file extension) is a launch script for
AS/400.
To install ACert on Windows (WebSphere 6.x), unzip the file into the
profile directory of the profile to be checked:
For example, c:\WebSphere\AppServer\profiles\dmgr
If there is any possibility that different certificates have been
installed in other profiles or other nodes, or if you are not sure whether
unique certificates will be installed on some nodes, unzip ACert into
those nodes or profiles as well.
Instructions for "Using JAR to open WebSphere Fix Pack zip files" are
below.
To launch the tool on Microsoft® Windows® (WebSphere 6.x):
Open a command window.
Change directory to
install_root\profiles\profile_namebin .
Type launchacert.bat and press Enter.
Note: In previous versions of ACert, a mistake in the bat file
prevented it from launching correctly, particularly if WebSphere installed
in a directory containing blanks in the directory name (such as Program
Files). The phrase com.ibm.ws.bootstrap.WSLauncher ACert
%"WAS_HOME"% or com.ibm.ws.bootstrap.WSLauncher ACert
%WAS_HOME% should read,com.ibm.ws.bootstrap.WSLauncher ACert
"%WAS_HOME%"
On Windows®, be sure to execute launchACert.bat.
launchACert (no file extension) is a launch script for
AS/400.
To install ACert on UNIX (WebSphere 5.x), unjar the file into the root
directory of the WebSphere Application Server to be checked:
For WebSphere Application Server base, copy the jar file
ACertUnixWAS5.jar into the install_root directory,
such as /usr/WebSphere/AppServer, then
Unjar using the jar -xvf ACertUnixWAS5.jar command.
For Network Deployment, unjar into the Network Deployment
nd_install_root directory.
If there is any possibility that different certificates have been
installed in other nodes, or if you are not sure whether unique
certificates will be installed on some nodes, unjar
ACertUnixWAS5.jar into those nodes as well.
To install ACert on UNIX (WebSphere 6.x), unjar the file into the profile
directory of the WebSphere Application Server to be checked:
For example, copy the jar file ACertUnixWAS6.jar into
/usr/WebSphere/AppServer/profiles/dmgr, then
Unjar using the jar -xvf ACertUnixWAS6.jar command.
If there is any possibility that different certificates have been
installed in other nodes or profiles, or if you are not sure whether
unique certificates will be installed on some nodes, unjar
ACertUnixWAS6.jar into those nodes or profiles as well.
To launch ACert on UNIX® (WebSphere 5.x):
Open a shell window.
Change directory to install_root/bin. If you are
running ACert in a Network Deployment environment, change to the
nd_install_root/bin directory.
Make the script executable using chmod +x launchACert.sh,
Type ./launchACert.sh and press Enter.
To launch ACert on UNIX® (WebSphere 6.x):
Open a shell window.
Change directory to
install_root/profiles/profile_namebin. If you
are running ACert in a Network Deployment environment, change to the
nd_install_root/bin directory.
Make the script executable using chmod +x launchACert.sh,
Type ./launchACert.sh and press Enter.
To launch ACert on iSeries®:
Open a shell window.
Unjar the contents of the ACertISeries.jar file to
/QIBM/ProdData/WebAS5/Base. This will result in the ACert
class file going under the classes subdirectory and the UNIX, windows and
iSeries scripts being placed in the bin subdirectory.
(Optional) Customer can delete
/QIBM/ProdData/WebAS5/Base/bin/launchACert.sh and
launchACert.bat files.
Enter the QShell environment by typing STRQSH on an
OS/400 command line and press Enter.
Type cd /QIBM/ProdData/WebAS5/Base/bin and press
Enter.
Type launchACert -instance myinst and press
Enter.