Signer certificates establish the trust relationship in
SSL communication. You can extract the signer part of a personal certificate
from a keystore, and then you can add the signer certificate to other
keystores.
Before you begin
The keystore that you want to add the signer certificate to
must already exist.
Alternative Method: To
add a signer certificate to a keystore by using the wsadmin tool,
use the addSignerCertificate command of the AdminTask object.
For more information, see the SignerCertificateCommands command group
for the AdminTask object article.
Note: If the security custom
property com.ibm.websphere.security.OverwriteAndReplaceOnImport is
set to true then import certificate imports a certificate
and overwrites an existing certificate. It then perform the certificate
replace operation on that certificate. Typically, an existing certificate
cannot be overwritten by a certificate that is being imported. The
task also replaces all signer certificates from the original certificate
and replaces them with the signer certificate from the new certificate
that is being imported
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management >
Key stores and certificates.
- Select a keystore from the list of keystores.
- Click Signer certificates.
- Click Add.
- Enter an alias for the signer certificate in the Alias field
- Enter the full path to the signer certificate file in the File
name field.
- Select a data type from the list in the Data type field.
- Click Apply.
Results
When these steps are completed, the signer from the certificate
file is stored in the keystore. You can see the signer in the keystore
files list of signer certificates. Use the keystore to establish trust
relationships for the SSL configurations.