A collection certificate store is a collection of non-root,
certificate authority (CA) certificates and certificate revocation lists (CRLs).
This collections of CA certificates and CRLs are used to check the signature
of a digitally signed SOAP message. You can configure the server-side collection
certificate store by using an assembly tool.
About this task
Important: There is an important distinction between
Version 5.x and Version 6 and later applications. The information in
this article supports Version 5.x applications only that are used with
WebSphere Application Server Version 6.0.x and later. The information
does not apply to Version 6.0.x and later applications.
You
can configure the collection certificate either by using an assembly tool
or by using the WebSphere Application Server administrative console. Complete
the following steps to configure the server-side collection certificate store
using an assembly tool.
Procedure
- Start an assembly tool.
For
more information on the assembly tools, see Assembly tools.
- Switch to the Java 2 Platform, Enterprise Edition (J2EE) perspective.
Click Window > Open Perspective > J2EE.
- Click EJB projects > application_name > ejbModule
> META-INF
- Right-click the webservices.xml file, select Open with
> Web Services Editor.
- Click the Binding configurations tab in the Web services editor
within the assembly tool. The Web Service Binding Configuration
window is displayed.
- Select one of the Web service description binding entries under
the Port Component Binding section.
- Expand the Request receiver binding configuration details >
Certificate store list > Collection certificate store section.
- Click Add to create a new collection certificate store,
click Edit to edit an existing certificate store, or click Remove to
delete an existing certification store.
- Enter a name in the Name field. This name is
referenced in the Certificate store reference field in the Signing
info dialog.
- Leave the Provider field as IBMCertPath.
- Click Add to enter the path to your certificate store.
For example, the path might be: ${USER_INSTALL_ROOT]/etc/ws-security/samples/intca2.cer.
If you have additional certificate store paths, click Add to add the
paths.
- Click OK when you finish adding paths.