Adding the DataPower signer certificate to the WebSphere Application Server default truststore to enable an SSL connection

When you configure a DataPower® appliance with security enabled, the signer certificate of the DataPower server must be added to the WebSphere® Application Server default truststore so that WebSphere Application Server can make a Secure Sockets Layer (SSL) connection to the DataPower server.

About this task

You can add the signer certificate of the DataPower server to the WebSphere Application Server default truststore to enable a Secure Sockets Layer (SSL) connection, either from the administrative console or with the addSignerCertificate wsadmin command.

The DataPower signer certificate should be installed in the DataPower-root-ca-cert.pem file under the deployment manager's profile, in the WAS_HOME/profiles/<DMGR profile>/etc directory.

Procedure

  1. From the administrative console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Add signer certificate.
  2. In the Alias box, enter an alias name to identify the DataPower signer certificate.
  3. In the File name box, enter the full path to the DataPower-root-ca-cert.pem file.
  4. Click Apply and Save.
    Note: Alternatively, you can use the addSignerCertificate wsadmin command to add the signer certificate of the DataPower server to the WebSphere Application Server default truststore by entering the following command on a single line:
    wsadmin> AdminTask.addSignerCertificate('[-keyStoreName CellDefaultTrustStore -certificateFilePath c:/wasHomeDir/profiles/Dmgr01/etc/DataPower-root-ca-cert.pem -certificateAlias datapower ]')

    If the DataPower-root-ca-cert.pem certificate file is not installed on the system, you can retrieve the DataPower certificate from the port using the administrative console:

    1. Click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.
    2. In the Host box, enter the DataPower server hostname.
    3. In the Port box, enter the port of the DataPower server.
    4. In the Alias box, enter an alias name to identify the DataPower signer certificate.
    5. Click Retrieve signer information.
    6. Verify that the certificate information is correct, then click Apply and Save.
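
The verification in step 6, and the same check on DataPower-root-ca-cert.pem before it is imported, can be done by comparing the certificate's fingerprint with a reference value obtained from the DataPower administrator over a separate channel. The following Python script is an added example, not part of the original IBM documentation; its function names and sample bytes are constructed for illustration, and the digest algorithm is a parameter so that it can match whatever digest the reference value uses.

```python
import hashlib
import hmac
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)

# Constructed sample input: placeholder bytes wrapped in PEM armor.
# This is NOT a real DataPower certificate; a fingerprint is a digest of the
# DER bytes, so any byte string exercises the same code path.
SAMPLE_DER = b"constructed placeholder bytes, not a real DataPower certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def pem_fingerprints(pem_text, algorithm="sha256"):
    """Return one lowercase hex digest per certificate block in pem_text."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM certificate block found")
    return [hashlib.new(algorithm, ssl.PEM_cert_to_DER_cert(b)).hexdigest()
            for b in blocks]


def normalize(fingerprint):
    """Strip colons and whitespace and lowercase, so 'AB:CD' equals 'abcd'."""
    return re.sub(r"[\s:]", "", fingerprint).lower()


def signer_matches(pem_text, expected, algorithm="sha256"):
    """True only if the file holds exactly one certificate with that digest."""
    found = pem_fingerprints(pem_text, algorithm)
    if len(found) != 1:
        # A bundle would add trust in more than the one signer that was checked.
        return False
    return hmac.compare_digest(found[0], normalize(expected))


if __name__ == "__main__":
    # In practice, read DataPower-root-ca-cert.pem from the etc directory of
    # the deployment manager profile instead of using SAMPLE_PEM.
    for digest in pem_fingerprints(SAMPLE_PEM):
        print("SHA-256 fingerprint:", digest)
```

Add the certificate to CellDefaultTrustStore only when signer_matches returns True for the reference fingerprint.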

Last updated: April 20, 2014 08:46 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-mp&topic=tdpw_add_trust