Perform the following steps:
Save External Public Certificates (LDAP and CA Root)
1. Export the public key from the LDAP server to a file called "ldap.arm".
2. Download the CA's root certificate to a file called "caroot.arm".
Generate the Server Keyring File from the WAS IKeyMan (See WAS 3.5 InfoCenter section 5.5.6.2):
3. Create a new keyring class file called ServerKeyring.class.
4. Generate a certificate request and save it as "certreq.arm".
5. Go to the CA's Web Site to request the cert. Get the cert and save it
as "newcert.arm".
6. Go to the Personal Certificates section of IKeyMan and select
"Receive". Enter the filename "newcert.arm".
7. Select "Extract Certificate" and save it as "websphere.arm".
8. Go to the Signer Certificates section of IKeyMan and select "Add".
Enter the filename "caroot.arm".
Generate the Client Keyring File from the WAS IKeyMan:
9. Create a new keyring class file called ClientKeyring.class.
10. Go to the Signer Certificates section of IKeyMan and select "Add".
Enter the filename "ldap.arm".
11. Go to the Signer Certificates section of IKeyMan and select "Add".
Enter the filename "caroot.arm".
12. Go to the Signer Certificates section of IKeyMan and select "Add".
Enter the filename "websphere.arm".
You are now ready to install these in WebSphere:
13. Edit the SAS.SERVER.PROPS file. For WAS AE 4.0.x, use the Security
Center to set these. Both the ServerKeyring and ClientKeyring files need
to be on the server. Modify the following lines:
com.ibm.CORBA.KeyRingFile=ServerKeyring
com.ibm.CORBA.KeyRingPassword=WebAS
com.ibm.CORBA.SSLClientKeyRingPassword=WebAS
com.ibm.CORBA.SSLClientKeyRing=ClientKeyring
14. Edit the SAS.CLIENT.PROPS file. Only the ClientKeyring file needs to
be on the client. Modify the following lines:
com.ibm.CORBA.SSLKeyRing=ClientKeyring
com.ibm.CORBA.SSLKeyRingPassword=WebAS
com.ibm.CORBA.SSLServerKeyRing=ClientKeyring
com.ibm.CORBA.SSLServerKeyRingPassword=WebAS
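
A check for steps 13 and 14, added here as an example and not part of the original procedure or of WebSphere: it confirms that every property listed above is set and that each keyring property names a keyring class actually deployed on that machine. The function names and the sample file contents are assumptions made for illustration.

```python
# Added example; the sample file contents at the bottom are constructed.
SERVER_KEYS = {  # property -> kind, from step 13
    "com.ibm.CORBA.KeyRingFile": "keyring",
    "com.ibm.CORBA.KeyRingPassword": "password",
    "com.ibm.CORBA.SSLClientKeyRing": "keyring",
    "com.ibm.CORBA.SSLClientKeyRingPassword": "password",
}
CLIENT_KEYS = {  # property -> kind, from step 14
    "com.ibm.CORBA.SSLKeyRing": "keyring",
    "com.ibm.CORBA.SSLKeyRingPassword": "password",
    "com.ibm.CORBA.SSLServerKeyRing": "keyring",
    "com.ibm.CORBA.SSLServerKeyRingPassword": "password",
}

def parse_props(text):
    """Parse simple key=value lines; return (props, duplicated keys)."""
    props, dupes = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # blank line, comment, or not an assignment
        key, value = (part.strip() for part in line.split("=", 1))
        if key in props:
            dupes.append(key)
        props[key] = value  # last assignment wins, as in java.util.Properties
    return props, dupes

def check_props(text, required, deployed):
    """List problems; `deployed` is the set of keyring classes on this host."""
    props, dupes = parse_props(text)
    problems = [f"duplicate: {k}" for k in dupes]
    for key, kind in required.items():
        value = props.get(key, "")
        if not value:
            problems.append(f"missing: {key}")
        elif kind == "keyring" and value not in deployed:
            problems.append(f"keyring not deployed: {key}={value}")
    return problems

SERVER_SAMPLE = """com.ibm.CORBA.KeyRingFile=ServerKeyring
com.ibm.CORBA.KeyRingPassword=WebAS
com.ibm.CORBA.SSLClientKeyRingPassword=WebAS
com.ibm.CORBA.SSLClientKeyRing=ClientKeyring"""
CLIENT_SAMPLE = """# constructed client file with two mistakes
com.ibm.CORBA.SSLKeyRing=ClientKeyring
com.ibm.CORBA.SSLKeyRingPassword=WebAS
com.ibm.CORBA.SSLServerKeyRing=ServerKeyring"""
```

Because these files hold the keyring passwords in plain text, restrict read access on them to the account that runs WebSphere.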