Adding the DataPower signer certificate to the WebSphere Application Server default truststore to enable an SSL connection

When you configure a DataPower® appliance with security enabled, the signer certificate of the DataPower server must be added to the WebSphere® Application Server default truststore so that a Secure Sockets Layer (SSL) connection can be made from WebSphere Application Server to the DataPower server.

About this task

You can add the signer certificate of the DataPower server to the WebSphere Application Server default truststore to enable a Secure Sockets Layer (SSL) connection, either by using the administrative console or by using the addSignerCertificate wsadmin command.

The DataPower signer certificate should be installed in the DataPower-root-ca-cert.pem file under the deployment manager's profile, in the WAS_HOME/profiles/<DMGR profile>/etc directory.

Procedure

  1. From the administrative console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Add signer certificate.
  2. In the Alias box, enter an alias name to identify the DataPower signer certificate.
  3. In the File name box, enter the full path to the DataPower-root-ca-cert.pem file.
  4. Click Apply and Save.
    Note: Alternatively, you can use the addSignerCertificate wsadmin command to add the DataPower signer certificate to the WebSphere Application Server default truststore by entering the following command on a single line:
    wsadmin> AdminTask.addSignerCertificate('[-keyStoreName CellDefaultTrustStore -certificateFilePath c:/wasHomeDir/profiles/Dmgr01/etc/DataPower-root-ca-cert.pem -certificateAlias datapower ]')

    If the DataPower-root-ca-cert.pem certificate file is not installed on the system, you can retrieve the DataPower certificate from the port using the administrative console:

    1. Click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.
    2. In the Host box, enter the DataPower server hostname.
    3. In the Port box, enter the port of the DataPower server.
    4. In the Alias box, enter an alias name to identify the DataPower signer certificate.
    5. Click Retrieve signer information.
    6. Verify that the certificate information is correct, then click Apply and Save.
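
For the verification in the last step, or before adding DataPower-root-ca-cert.pem by file, the certificate's SHA-256 fingerprint can be compared with a value obtained from the DataPower administrator over a separate channel. The following is an added example, not part of the original IBM topic; the function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Matches each certificate block in a PEM file (a file may hold a chain).
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def normalize(fingerprint):
    """Reduce 'AB:CD:...' or 'ab cd ...' to 64 lowercase hex digits."""
    value = re.sub(r"[:\s]", "", fingerprint.lower())
    if not re.fullmatch(r"[0-9a-f]{64}", value):
        raise ValueError("pinned value is not a SHA-256 fingerprint")
    return value


def pem_fingerprints(pem_text):
    """Return the SHA-256 fingerprint (hex) of every certificate in pem_text."""
    prints = []
    for body in PEM_BLOCK.findall(pem_text):
        # The fingerprint is taken over the DER bytes, not the PEM text.
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no CERTIFICATE block found in PEM input")
    return prints


def matches_pinned(pem_text, pinned_fingerprint):
    """True only if the file holds exactly one certificate and it matches."""
    pinned = normalize(pinned_fingerprint)
    prints = pem_fingerprints(pem_text)
    # Refuse files with extra certificates so nothing unreviewed gets trusted.
    return len(prints) == 1 and hmac.compare_digest(prints[0], pinned)


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for the DER certificate.
    der = bytes(range(64))
    pem = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
           + "-----END CERTIFICATE-----\n")
    pin = hashlib.sha256(der).hexdigest()  # in practice: supplied out of band
    print("match" if matches_pinned(pem, pin) else "MISMATCH: do not add signer")
```

In real use, pass the contents of the PEM file and the fingerprint supplied by the DataPower administrator, and add the signer only when the function returns True.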

Last updated: July 9, 2016 6:10
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tdpw_add_trust
File name: tdpw_add_trust.html