A collection certificate store is a collection of
non-root, certificate authority (CA) certificates and certificate
revocation lists (CRLs). This collections of CA certificates and CRLs
are used to check the signature of a digitally signed SOAP message.
You can configure the server-side collection certificate store by
using an assembly tool.
About this task
Important: There is an important distinction
between Version 5.x and Version 6 and later applications. The
information supports Version 5.x applications only that are
used with WebSphere® Application Server Version 6.0.x and
later. The information does not apply to Version 6.0.x and
later applications.
You can configure the collection certificate
either by using an assembly tool or by using the WebSphere Application
Server administrative console. Complete the following steps to configure
the server-side collection certificate store using an assembly tool.
Procedure
- Start an assembly tool. For more information,
see the related information on Assembly Tools.
- Switch to the Java Platform,
Enterprise Edition (Java EE)
perspective. Click .
- Click .
- Right-click the webservices.xml file,
select .
- Click the Binding configurations tab in the web services
editor within the assembly tool. The Web Service Binding
Configuration window is displayed.
- Select one of the web service description binding entries
under the Port Component Binding section.
- Expand the section.
- Click Add to create a new collection
certificate store, click Edit to edit an existing
certificate store, or click Remove to delete an existing certification
store.
- Enter a name in the Name field. This name is referenced in the Certificate store
reference field in the Signing info dialog.
- Leave the Provider field as IBMCertPath.
- Click Add to enter the path to your
certificate store. For example, the path might be: ${USER_INSTALL_ROOT]/etc/ws-security/samples/intca2.cer.
If you have additional certificate store paths, click Add to
add the paths.
- Click OK when you finish adding
paths.