Why and when to perform this task
Collection certificate stores contain untrusted, intermediary certificate files awaiting validation. Validation might consist of checking for a valid signature in a digitally signed Simple Object Access Protocol (SOAP) message, checking whether the certificate is on a certificate revocation list (CRL), checking that the certificate is not expired, and checking that the certificate is issued by a trusted signer.
Complete the following steps to configure a collection certificate store on the server level:
Steps for this task
The name of the collection certificate store must be unique to the level of the application server. For example, if you create the collection certificate store for the server level, the store name must be unique to the server level. The name that is specified in the Certificate store name field is used by other configurations to refer to a predefined collection certificate store. WebSphere Application Server searches for the collection certificate store based on proximity.
For example, if an application binding refers to a collection certificate store named cert1, the Application Server searches for cert1 at the application level before searching the server level.
For portability reasons, it is recommended that you use the WebSphere Application Server variables to specify a relative path to the certificate revocation lists. This recommendation is especially important when you are working in a WebSphere Application Server Network Deployment environment.
You can use the USER_INSTALL_ROOT variable as part of the path name. For example, you might type: $USER_INSTALL_ROOT/etc/ws-security/samples/intca2.cer. Do not use this certificate path for production use. You must obtain your own X.509 certificate from a certificate authority before putting your WebSphere Application Server environment into production.
Click Environment > WebSphere variables in the administrative console to configure the USER_INSTALL_ROOT variable.
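The checks named at the top of this page (revocation list, expiry, trusted issuer) can be exercised against your certificate and CRL files before a store is pointed at them, using the standard Java CertPath API and its in-memory "Collection" certificate store type. This is an added example, not WebSphere or IBM code; the class name and the file arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;

public class CollectionStoreCheck {
    // Assumed usage (all file names are placeholders):
    //   java CollectionStoreCheck trusted-root.cer signer.cer [intermediate .cer and .crl files...]
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: CollectionStoreCheck <trusted.cer> <signer.cer> [*.cer|*.crl ...]");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate trusted = (X509Certificate) load(cf, args[0], false);
        X509Certificate signer = (X509Certificate) load(cf, args[1], false);

        // Untrusted intermediates and CRLs share one in-memory collection store.
        List<Object> contents = new ArrayList<>();
        for (int i = 2; i < args.length; i++) {
            contents.add(load(cf, args[i], args[i].toLowerCase().endsWith(".crl")));
        }
        CertStore store = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(contents));

        // Build a path from the signer certificate up to the single trusted signer.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(signer);
        PKIXBuilderParameters params = new PKIXBuilderParameters(
                Collections.singleton(new TrustAnchor(trusted, null)), target);
        params.addCertStore(store);
        // Fail closed: every certificate in the path needs a CRL from its issuer in
        // the store, otherwise the build is rejected as "revocation status unknown".
        params.setRevocationEnabled(true);

        try {
            CertPathBuilderResult result = CertPathBuilder.getInstance("PKIX").build(params);
            System.out.println("ACCEPT: " + result.getCertPath().getCertificates().size()
                    + " certificate(s) chain to the trusted signer");
        } catch (CertPathBuilderException e) {
            // Covers expired, revoked, and not-issued-by-trusted-signer cases.
            System.out.println("REJECT: " + e.getMessage());
            System.exit(1);
        }
    }

    static Object load(CertificateFactory cf, String path, boolean crl) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return crl ? cf.generateCRL(in) : cf.generateCertificate(in);
        }
    }
}
```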
Result
You have configured the collection certificate store for the server or cell level.