Use this page to view a list of certificate stores that contain untrusted, intermediary certificate files awaiting validation. Validation might consist of checking to see if the certificate is on a certificate revocation list (CRL), checking that the certificate is not expired, and checking that the certificate is issued by a trusted signer.
The following list provides recommendations for using CRLs:
- If CRLs are added to the collection certificate store, add the CRLs for the root certificate authority and each intermediate certificate, if applicable. When the CRL is in the collection certificate store, the certificate revocation status for every certificate in the chain is checked against the CRL of the issuer.
- When the CRL file is updated, the new CRL does not take effect until you restart the web service application.
- Before a CRL expires, you must load a new CRL into the collection certificate store to replace the old CRL. An expired CRL in the collection certificate store results in a certificate path (CertPath) build failure.
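The first and third recommendations can be checked before the files are loaded into the store. The following Java program is an added example, not IBM code: it takes a PEM bundle of the chain certificates as its first argument and CRL files as the remaining arguments, reports every non-root certificate whose issuer has no CRL, and flags CRLs that are expired or inside an assumed 7-day warning window. The class name, the threshold, and the status labels are illustrative, and CRL signatures are not verified here.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.time.Duration;
import java.time.Instant;
import java.util.*;
import javax.security.auth.x500.X500Principal;

// Added example: pre-flight check of CRLs destined for a collection certificate store.
public class CrlPreflight {
    static final long WARN_DAYS = 7; // assumed policy value, not a product default

    /** Classify one CRL by its nextUpdate field relative to 'now'. */
    static String status(X509CRL crl, Instant now) {
        Date next = crl.getNextUpdate();              // optional field, may be null
        if (next == null) return "NO-NEXTUPDATE";
        Duration left = Duration.between(now, next.toInstant());
        if (left.isNegative()) return "EXPIRED";      // would break path building
        return left.toDays() < WARN_DAYS ? "EXPIRING" : "OK";
    }
    /** args[0] = PEM bundle of the chain certificates; args[1..] = CRL files. */
    public static void main(String[] args) throws Exception {
        if (args.length < 2) { System.err.println("usage: CrlPreflight chain.pem crl..."); System.exit(2); }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Map<X500Principal, X509CRL> byIssuer = new HashMap<>();
        for (int i = 1; i < args.length; i++) {
            try (InputStream in = new FileInputStream(args[i])) {
                for (CRL c : cf.generateCRLs(in)) {
                    X509CRL x = (X509CRL) c;
                    byIssuer.put(x.getIssuerX500Principal(), x); // index each CRL by its issuer
                }
            }
        }
        boolean bad = false;
        Instant now = Instant.now();
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                X500Principal issuer = x.getIssuerX500Principal();
                if (issuer.equals(x.getSubjectX500Principal())) continue; // self-issued root
                X509CRL crl = byIssuer.get(issuer);   // revocation status comes from the issuer's CRL
                String s = (crl == null) ? "MISSING-CRL" : status(crl, now);
                if (!s.equals("OK")) bad = true;
                System.out.println(s + "  cert=" + x.getSubjectX500Principal().getName() + "  issuer=" + issuer.getName());
            }
        }
        System.exit(bad ? 1 : 0);                     // non-zero exit lets a scheduled job alert
    }
}
```

The program exits with a non-zero status when any CRL is missing, expired, or close to expiry, so it can run as a scheduled job ahead of the CRL replacement and application restart.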
To view the administrative console panel for the collection certificate store on the server level, complete the following steps:
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
  Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.
- Under Additional properties, click Collection certificate store.
To view this administrative console page for the collection certificate store on the application level, complete the following steps:
- Click .
- Under Modules, click .
- Under Web Services Security Properties, you can access collection certificate stores for the following bindings:
  - For the Request generator, click Web services: Client security bindings. Under Request generator (sender) binding, click .
  - For the Request consumer, click Web services: Server security bindings. Under Request consumer (receiver) binding, click .
  - For the Response generator, click Web services: Server security bindings. Under Response generator (sender) binding, click .
  - For the Response consumer, click Web services: Client security bindings. Under Response consumer (receiver) binding, click .
- Under Additional properties, you can access collection certificate stores for the following bindings:
  - For the Request receiver binding, click Web services: Server security bindings. Under Response receiver binding, click .
  - For the Response receiver binding, click Web services: Client security bindings. Under Response receiver binding, click .
Complete the following steps:
- Click New to specify a new certificate store name and certificate store provider.
- Click OK. Messages are displayed at the top of the administrative console panel.
- Within the messages at the top of the administrative console panel, click Save.
- Return to the collection certificate store collection panel and click Update runtime to update the Web Services Security run time with the default binding information, which is found in the ws-security.xml file. When you click Update runtime, the configuration changes made to the other web services are also updated in the Web Services Security run time.