Use this page to specify a list of untrusted, intermediate certificate
files. This collection certificate store is used for certificate path validation
of incoming X.509-formatted security tokens.
To view the administrative console panel for the collection
certificate store on the cell level, complete the following steps:
- Click .
- Under additional properties, click Collection certificate store.
- Click the name of a configured collection certificate store or create
a new collection certificate store first.
- Under Additional properties, click X.509 certificates.
- Specify a new X.509 certificate path by clicking New or by clicking
the X.509 certificate path to modify its settings.
To view the administrative console panel for the collection certificate
store on the server level, complete the following steps:
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using Websphere Application
Server version 6.1 or earlier, click
Web services: Default bindings
for Web services security.
mixv
- Under Additional properties, click Collection certificate store.
- Click the name of a configured collection certificate store or create
a new collection certificate store first.
- Under Additional properties, click X.509 certificates.
- Specify a new X.509 certificate path by clicking New or by clicking
the X.509 certificate path to modify its settings.
To view this administrative console page for an X.509 certificate on the
application level, complete the following steps:
- Click .
- Under Modules, click .
- Under Web Services Security Properties, you can access collection certificate
stores for the following bindings:
- For the Request generator, click Web services: Client security bindings.
Under Request generator (sender) binding, click Edit custom > Collection
certificate store.
- For the Request consumer, click Web services: Server security bindings.
Under Request consumer (receiver) binding, click Edit custom > Collection
certificate store.
- For the Response generator, click Web services: Server security bindings.
Under Response generator (sender) binding, click Edit custom > Collection
certificate store.
- For the Response consumer, click Web services: Client security bindings.
Under Response consumer (receiver) binding, click Edit custom > Collection
certificate store.
Under Additional properties, you can access the collection
certificate stores for the following bindings.
- For the Response receiver binding, click Web services: Client security
bindings. Under Response receiver binding, click Edit > Collection
certificate store.
- For the Request receiver binding, click Web services: Server security
bindings. Under Request receiver binding, click Edit > Collection
certificate store.
- Click the name of a configured collection certificate store or create
a new collection certificate store first.
- Under Additional properties, click X.509 certificates.
- Specify a new X.509 certificate path by clicking New or click the
X.509 certificate path to modify its settings.
Specifies the absolute path to the location of the X.509 certificate.
As shown in the following example, you can use the USER_INSTALL_ROOT variable
as part of the path name: {USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer.
This X.509 certificate path is not for production use. Obtain your own X.509
from a certificate authority before putting your application server environment
into production.
You can configure the USER_INSTALL_ROOT variable in the administrative
console by clicking .