Configuring default collection certificate stores at the cell level in the WebSphere Application Server administrative console

A collection certificate store is a collection of non-root certificate authority (CA) certificates and certificate revocation lists (CRLs). Use this collection of CA certificates and CRLs to check the signature of a digitally signed SOAP message. A certificate store typically refers to a certificate store that is located in the file system.

About this task

Important: There is an important distinction between Version 5.x and Version 6.0.x and later applications. The information supports Version 5.x applications only that are used with WebSphere® Application Server Version 6.0.x and later. The information does not apply to Version 6.0.x and later applications.

The location of the certificate store can vary from machine to machine, so you might configure a default collection certificate store for a specific machine and reference it from within the signing information. The signing information is found within the binding configurations of any application installed on the machine. This suggestion enables you to define a single collection certificate store for all of the applications that need to use the same certificates.

You also can specify the default binding information at the server level.

Complete the following steps to configure the default collection certificate store at the cell level by using the WebSphere Application Server administrative console:

Procedure

  1. Connect to the administrative console.

    [AIX Solaris HP-UX Linux Windows][z/OS] You can access the administrative console by typing http://localhost:port_number/ibm/console in your web browser unless you have changed the port number.

    [IBM i] You can access the administrative console by typing http://server_name:port_number/ibm/console in your web browser unless you have changed the port number.

  2. Click Security > Web services.
  3. Under Additional properties, click Collection certificate store.
  4. Click the name of a certificate store name to edit an existing store, or click New to add a new store. This name is referenced in the Certificate store field on the Signing information configuration page.
  5. Leave the Certificate store provider field value as IBMCertPath.
  6. Click Apply.
  7. Under Additional properties, click X.509 certificates > New.
  8. Enter the path to your certificate store. For example, the path might be: ${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer

    If you have any additional certificate store paths to enter, click New and add the path names.

  9. Click OK.
Task topic    

Terms and conditions for information centers | Feedback

Last updated: April 20, 2014 08:46 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-mp&topic=twbs_confclcertcellclac
File name: twbs_confclcertcellclac.html