Why and when to perform this task
Secure Sockets Layer (SSL) connections rely on the existence of digital certificates. A digital certificate reveals information about its owner, including their identity. During the initialization of an SSL connection, the server must present its certificate to the client for the client to determine the server identity. The client can also present the server with its own certificate for the server to determine the client identity. SSL is therefore a means of propagating identity between components. Refer to Configuring Secure Sockets Layer and Creating a Secure Sockets Layer repertoire configuration entry.
A client can trust the contents of a certificate if that certificate is digitally signed by a trusted third party. A Certificate Authority (CA) acts as a trusted third party and signs certificates on the basis of its knowledge of the certificate requestor. Complete the following steps to manage digital certificates using either the key management utility (iKeyman) or the keytool utility:
Steps for this task (dependent on configuration)
${WAS_HOME}/java/jre/bin/keytool -genkey -keyalg RSA -dname "cn=rocaj, ou=users, ou=uk, DC=internetchaos, DC=com" -alias rocaj -keypass websphere -keystore testkeyring.jks -storepass websphere
${WAS_HOME}/java/jre/bin/keytool -genkey -keyalg RSA -dname "cn=amorv, ou=users, ou=uk, DC=internetchaos, DC=com" -alias amorv -keypass websphere -keystore testkeyring.jks -storepass websphere
Now the keystore testkeyring.jks contains two self-signed certificates with the owner being the same as the issuer for each certificate.
${WAS_HOME}/java/jre/bin/keytool -v -certreq -alias rocaj -file rocajReq.csr -keypass websphere -keystore testkeyring.jks -storepass websphere
cat rocajReq.csr |tr -d "\r"
${WAS_HOME}/java/jre/bin/keytool -v -certreq -alias amorv -file amorvReq.csr -keypass websphere -keystore testkeyring.jks -storepass websphere
cat amorvReq.csr |tr -d "\r"
${WAS_HOME}/java/jre/bin/keytool -import -alias "Thawte Test CA Root" -file ThawteTestCA.arm -keystore testkeyring.jks -storepass websphere
${WAS_HOME}/java/jre/bin/keytool -import -trustcacerts -alias rocaj -file rocajRec.arm -keystore testkeyring.jks -storepass websphere
Certificate reply was installed in keystore
${WAS_HOME}/java/jre/bin/keytool -import -trustcacerts -alias amorv -file amorvRec.arm -keystore testkeyring.jks -storepass websphere
Certificate reply was installed in keystore
Refer to Configuring IBM HTTP Server for Secure Sockets Layer mutual authentication.
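A check that can follow the import steps above, added here as an example and not part of the original documentation: it reads the text of a keytool -list -v listing and reports any key entry whose own certificate is still self-signed (owner the same as issuer), which means the CA reply was not installed for that alias. The function names, the sample listing and the CA name in it are constructed for illustration; the "Alias name:", "Entry type:", "Owner:" and "Issuer:" line labels are assumed to match the listing format of your keytool version.

```shell
#!/bin/sh
# Added example (not from the original page): list key entries whose own
# certificate is still self-signed, that is, Owner equals Issuer.
# Input: text of `keytool -list -v` on stdin. Output: one alias per line.
self_signed_aliases() {
  # Strip carriage returns first, as the page does for the CSR files.
  tr -d '\r' | awk '
    /^Alias name: / { alias = substr($0, 13); type = ""; seen = 0; owner = "" }
    /^Entry type: / { type = substr($0, 13) }
    # Only the first Owner/Issuer pair of an entry is the entry certificate;
    # later pairs belong to the CA certificates in the chain.
    /^Owner: /  { if (!seen) owner = substr($0, 8) }
    /^Issuer: / {
      if (!seen) {
        seen = 1
        # A CA root held as trustedCertEntry is self-signed by design.
        if (type != "trustedCertEntry" && owner == substr($0, 9)) print alias
      }
    }'
}

# Constructed sample listing: rocaj has its CA reply installed, amorv does not.
sample_listing() {
  cat <<'EOF'
Alias name: rocaj
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=rocaj, OU=users, OU=uk, DC=internetchaos, DC=com
Issuer: CN=Example Test CA, O=Constructed
Certificate[2]:
Owner: CN=Example Test CA, O=Constructed
Issuer: CN=Example Test CA, O=Constructed

Alias name: amorv
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=amorv, OU=users, OU=uk, DC=internetchaos, DC=com
Issuer: CN=amorv, OU=users, OU=uk, DC=internetchaos, DC=com

Alias name: example test ca
Entry type: trustedCertEntry
Owner: CN=Example Test CA, O=Constructed
Issuer: CN=Example Test CA, O=Constructed
EOF
}

sample_listing | self_signed_aliases
```

Against the real keystore, pipe the output of ${WAS_HOME}/java/jre/bin/keytool -list -v -keystore testkeyring.jks -storepass websphere into self_signed_aliases; no output means every key entry carries a CA-issued certificate.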
What to do next
Setting up SSL communication between the Web browser and WebSphere Application Server. Using digital signatures, you can communicate securely from the Web browser through the Web server to WebSphere Application Server. Once you finish configuring security, perform the following steps to save, synchronize, and restart the servers:
Related concepts
Secure Sockets Layer
Related tasks
Configuring IBM HTTP Server for Secure Sockets Layer mutual authentication
Configuring the Web server plug-in for Secure Sockets Layer
Creating a Secure Sockets Layer repertoire configuration entry