To perform Secure Sockets Layer (SSL) communication with a server, WebSphere® Application Server must retrieve a signer certificate from a secure remote SSL port during the handshake. After the signer certificate is retrieved, you can add the signer certificate to a keystore.
Before you begin
The keystore that is to contain the signer certificate must already exist.
Alternative Method: To retrieve a signer certificate from a port using the wsadmin tool, use the retrieveSignerFromPort command of the AdminTask object. For more information, see the SignerCertificateCommands command group for the AdminTask object article.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > Key stores and certificates > keystore > Signer certificates > Retrieve from port.
- Click Retrieve from port.
- Type the host name of the machine on which the signer resides.
- Type the port location on the host machine on which the signer resides. The port location is not limited to ports on WebSphere Application Server. The ports can include Lightweight Directory Access Protocol (LDAP) ports or ports on any server on which an SSL port is already configured, such as SIB_ENDPOINT_SECURE_ADDRESS.
- Select an SSL configuration for the outbound connection from the list.
- Type an alias name for the certificate.
- Click Retrieve signer information. A message window displays information about the retrieved signer certificate, such as: the serial number, issued-to and issued-by identities, SHA hash, and expiration date. If a chained certificate is on the port, information about the root is displayed.
- Click Apply. This action indicates that you accept the credentials of the signer.
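Because clicking Apply accepts the signer, the SHA hash shown in the message window can be checked first. The following Python example is added here and is not part of the product or its documentation: it compares the displayed hash with the digest of a certificate copy obtained through a separate trusted channel. The function names, the constructed sample PEM, and inferring SHA-1 or SHA-256 from the hash length are assumptions.

```python
import hashlib
import hmac
import ssl

HEX_DIGITS = set("0123456789abcdef")

# Constructed sample, not a real certificate: the PEM body decodes to b"abc".
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"


def fingerprint(der_bytes, algorithm="sha256"):
    """Colon-separated, upper-case hex digest of DER-encoded certificate bytes."""
    digest = hashlib.new(algorithm, der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(displayed_hash):
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    return "".join(ch for ch in displayed_hash.lower() if ch in HEX_DIGITS)


def displayed_hash_matches(trusted_pem, displayed_hash):
    """True if the hash shown in the console matches the trusted certificate copy.

    Assumption: the digest algorithm is inferred from the hash length
    (40 hex digits = SHA-1, 64 = SHA-256). Any other length is rejected.
    """
    expected = normalize(displayed_hash)
    algorithm = {40: "sha1", 64: "sha256"}.get(len(expected))
    if algorithm is None:
        return False
    der_bytes = ssl.PEM_cert_to_DER_cert(trusted_pem)
    actual = normalize(fingerprint(der_bytes, algorithm))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Hash as it might be typed from the message window (constructed value).
    shown = "A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D"
    ok = displayed_hash_matches(SAMPLE_PEM, shown)
    print("match" if ok else "MISMATCH: do not click Apply")
```

If a chained certificate is on the port, compare against the certificate whose information the console displays, which the procedure states is the root.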
Results
The signer certificate that is retrieved from the remote port is stored in the keystore.
What to do next
An SSL configuration or client process that requires an SSL connection to the server can use the retrieved and approved signer certificate.