When a certificate authority (CA) receives a certificate
request, it issues a new certificate that functions as a temporary
placeholder for a CA-issued certificate. A keystore receives the certificate
from the CA and generates a CA-signed personal certificate that WebSphere® Application Server can use for
Secure Sockets Layer (SSL) security.
Before you begin
The keystore must contain the certificate request that was
created and sent to the CA. Also, the keystore must be able to access
the certificate that is returned by the CA.
Supported configurations: To receive a certificate by using the wsadmin tool, use the
receiveCertificate command of the AdminTask object. For more information, see the
PersonalCertificateCommands command group for the AdminTask object article.
About this task
WebSphere Application Server can receive
only those certificates that are generated by a WebSphere Application
Server certificate request. It cannot receive certificates that are
created with certificate requests from other keystore tools, such
as iKeyman and keyTool.
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management >
Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration >
Key stores and certificates > [keystore].
- Under Additional Properties, click Personal certificates.
- Select a personal certificate.
- Click Receive a certificate from a certificate authority.
- Type the full path and name of the certificate file.
- Select a data type from the list.
- Click Apply and Save.
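The following is an added example, not part of the original article or IBM code: a workstation-side Python check that inspects the file returned by the CA, decides which data type applies (Base64-encoded ASCII or binary DER), rejects files that are not a single certificate (for example the certificate request itself), and builds the matching argument string for the receiveCertificate command. The keystore name, file path, and sample bytes are constructed for illustration, and accepting only one certificate per file is an assumption of this example.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def looks_like_der(data):
    """True if data is a single DER SEQUENCE whose length covers the whole blob."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short-form length
        return len(data) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify_cert_file(data):
    """Return 'base64' or 'der' for the data type choice, else raise ValueError."""
    blocks = PEM_RE.findall(data)
    if blocks:
        labels = [label.decode() for label, _ in blocks]
        if labels != ["CERTIFICATE"]:     # assumption: one certificate per file
            raise ValueError("expected one CERTIFICATE block, found %s" % labels)
        body = base64.b64decode(b"".join(blocks[0][1].split()), validate=True)
        if not looks_like_der(body):
            raise ValueError("Base64 body is not a DER SEQUENCE")
        return "base64"
    if looks_like_der(data):
        return "der"
    raise ValueError("neither Base64-encoded ASCII nor binary DER")

def receive_args(keystore, path, data):
    """Build the AdminTask.receiveCertificate argument string for this file."""
    flag = "true" if classify_cert_file(data) == "base64" else "false"
    return "[-keyStoreName %s -certificateFilePath %s -base64Encoded %s]" % (
        keystore, path, flag)

# Constructed sample: a minimal DER SEQUENCE stands in for a certificate's bytes.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(receive_args("NodeDefaultKeyStore", "/tmp/server.arm", SAMPLE_PEM))
```

The check covers only the file's encoding and outer structure; it does not verify that the certificate matches the pending request in the keystore.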
Results
The keystore contains a new personal certificate that is issued
by a CA. The original certificate request is changed to a personal
certificate.
What to do next
The SSL configuration is ready to use the new CA-signed personal certificate. If you are
receiving the CA certificate for use as the default certificate in the keystore, ensure that the SSL
configuration containing the keystore is updated with the appropriate default certificate alias.
Alternatively, if the SSL configuration already contains the old certificate's alias, you can use the
replaceCertificate task to find all occurrences of the old certificate alias and replace it with the
new certificate alias.