Configuring the IBM® JRE to talk to a secured WebSphere Application Server

Use these steps if you want to use the web services wizard to retrieve an HTTPS WSDL or if you want to use the Web Services Explorer against a secured WebSphere® Application Server. If you encounter an error similar to Error opening socket: javax.net.ssl.SSLHandshakeException: unknown certifcate this task resolves the issue. This error occurs because WebSphere Application Server uses a security certificate for negotiating secured connections that other JRE-based applications do not normally share.

About this task

Important: Applicable to WebSphere Application Server traditional
To configure your JRE to accept the WebSphere Application Server certificate:

Procedure

  1. Start the iKeyman tool from your Eclipse JRE, which is in the following location within your WebSphere Application Server installation directory: install_dir\java\jre\bin\ikeyman.exe. The default installation locations for the servers:
    • WebSphere Application Server: install_dir\java\jre\bin\ikeyman.exe
    Note: The install_dir directory is where you installed the version of WebSphere Application Server.
  2. Click the Open a key database file icon:
    Screen capture of the "open a key database file" icon
  3. In the window that opens, click Browse and locate the DummyClientTrustFile.jks in your WebSphere Application Server profile. The default location might be similar to install_dir\profiles\profile_name\etc\DummyClientTrustFile.jks Click OK when you find the file.
    Screen capture of the DummyClientTrustFile.jks
  4. You are prompted for a password. Enter WebAS.
  5. Select Signer Certificates from the list, and then select default_signer and click Extract.
  6. Note the location and name of the certificate because it is needed in later steps. Click OK to save the file.
  7. Click the Open a key database file icon again, and browse to the Eclipse JRE cacerts. This file is located here: install_dir\java\jre\lib\security\cacerts.
  8. When prompted for a password enter changeit.
  9. Click Add, and browse to the file that you saved earlier. You must set the file types field to All Files. Click OK when the correct file is selected in the open window.
  10. Enter a label for the certificate.

Results

The JRE can now accept the server certificate automatically. The certificate might restrict to the same host name on the certificate (the host name, including the domain).
Icon that indicates the type of topic Task topic
Timestamp icon Last updated: July 17, 2017 21:58

File name: twsconfigjressl.html