Why and when to perform this task
A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs is used to check for a valid signature in a digitally signed Simple Object Access Protocol (SOAP) message. Complete the following steps to configure a collection certificate for the consumer bindings on the application level:Steps for this task
The name of the collection certificate store must be unique to the level of the application server. For example, if you create the collection certificate store for the application level, the store name must be unique to the application level. The name that is specified in the Certificate store name field is used by other configurations to refer to a predefined collection certificate store. WebSphere Application Server searches for the collection certificate store based on proximity.
For example, if an application binding refers to a collection certificate store named cert1, the Application Server searches for cert1 at the application level before searching the server level and then the cell level.
You can use the USER_INSTALL_ROOT variable as part of the path name. For example, you might type: USER_INSTALL_ROOT/etc/ws-security/samples/intca2.cer. Do not use this certificate path for production use. You must obtain your own X.509 certificate from a certificate authority before putting your WebSphere Application Server environment into production.
Click Environment > WebSphere variables in the administrative console to configure the USER_INSTALL_ROOT variable.
Result
You have configured the collection certificate store for the consumer binding.What to do next
You must configure a token consumer configuration that references this certificate store configuration.Related tasks
Configuring the collection certificate store for the generator binding
on the application level