When you configure a DataPower® appliance with security enabled, the signer certificate of the DataPower server must be added to the WebSphere® Application Server default truststore so that a Secure Sockets Layer (SSL) connection can be made from WebSphere Application Server to the DataPower server.
About this task
You can add the signer certificate of the DataPower server to the WebSphere Application Server default truststore, to enable a Secure Sockets Layer (SSL) connection, by using the administrative console or the addSignerCertificate wsadmin command.
The DataPower signer certificate should be installed in the DataPower-root-ca-cert.pem file under the deployment manager's profile, in the WAS_HOME/profiles/<DMGR profile>/etc directory.
Procedure
- From the administrative console, click .
- In the Alias box, enter an alias name to identify the DataPower signer certificate.
- In the File name box, enter the full path to the DataPower-root-ca-cert.pem file.
- Click Apply and Save.
Note: You can alternatively use the addSignerCertificate wsadmin command to add the DataPower server to the WebSphere Application Server default truststore by entering the following:
wsadmin> AdminTask.addSignerCertificate('[-keyStoreName CellDefaultTrustStore -certificateFilePath c:/wasHomeDir/profiles/Dmgr01/etc/DataPower-root-ca-cert.pem -certificateAlias datapower ]')
If the DataPower-root-ca-cert.pem certificate file is not installed on the system, you can retrieve the DataPower certificate from the port by using the administrative console:
- Click .
- In the Host box, enter the DataPower server hostname.
- In the Port box, enter the port of the DataPower server.
- In the Alias box, enter an alias name to identify the DataPower signer certificate.
- Click Retrieve signer information.
- Verify that the certificate information is correct, then click Apply and Save.
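One way to carry out the verification step, shown as an added example that is not part of the original IBM procedure: compute the SHA-256 fingerprint of the certificate in the PEM file (or of the certificate fetched from the port) and compare it with a fingerprint obtained out of band from the DataPower administrator. The function names are hypothetical, and the sample bytes are constructed placeholders rather than a real certificate.

```python
import base64
import hashlib
import hmac
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """SHA-256 fingerprint (lowercase hex) of every certificate in a PEM file."""
    ders = [base64.b64decode("".join(body.split()))
            for body in PEM_BLOCK.findall(pem_text)]
    if not ders:
        raise ValueError("no PEM certificate found")
    # A fingerprint is the digest of the DER encoding, not of the PEM text.
    return [hashlib.sha256(der).hexdigest() for der in ders]

def normalize(fingerprint):
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex; return lowercase hex."""
    fp = fingerprint.replace(":", "").replace(" ", "").strip().lower()
    if not re.fullmatch(r"[0-9a-f]{64}", fp):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return fp

def matches_expected(pem_text, expected_fingerprint):
    """True if any certificate in pem_text has the expected fingerprint."""
    want = normalize(expected_fingerprint)
    return any(hmac.compare_digest(fp, want)
               for fp in pem_fingerprints(pem_text))

def fetch_presented_pem(host, port):
    """Fetch the certificate the server presents on host:port.

    No chain validation is performed here, which is why the result must be
    compared with a fingerprint obtained through a separate channel.
    """
    return ssl.get_server_certificate((host, port))

# Constructed placeholder bytes standing in for a DER certificate.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    for fp in pem_fingerprints(SAMPLE_PEM):
        print("SHA-256 fingerprint:", fp)
```

To check the real file, read DataPower-root-ca-cert.pem as text and pass it to matches_expected together with the fingerprint supplied by the DataPower administrator.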