[Version 5 only]WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring the client-side collection certificate store using the administrative console

Why and when to perform this task

Important distinction between Version 5.x and Version 6.0.x applications
Note: The information in this article supports version 5.x applications only that are used with WebSphere Application Server Version 6. The information does not apply to version 6.0.x applications.

A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs are used to check the signature of a digitally signed Simple Object Access Protocol (SOAP) message.

You can configure the collection certificate either by using the assembly tools or the WebSphere Application Server administrative console. Complete the following steps to configure the client-side collection certificate store using the administrative console.

Steps for this task

  1. Connect to the WebSphere Application Server administrative console. You can connect to the administrative console by typing http://localhost:9060/ibm/console in your Web browser unless you have changed the port number.
  2. Click Applications > Enterprise applications > application_name.
  3. Under Related items, click either Web modules or EJB modules depending on the type of module you are securing.
  4. Click the name of the module you are securing.
  5. Under Additional properties, click either Web services: client security bindings to add the collection certificate store to the client security bindings. If you do not see any entries, return to the assembly tool and configure the security extensions for either the client or the server.
  6. Under Response receiver binding, click Edit to edit the client security bindings.
  7. Click Collection certificate store.
  8. Click a Certificate store name to edit an existing certificate store or click New to add a new certificate store name.
  9. Enter a name in the Certificate store name field. The name entered in this field is a name that is referenced in the Certificate store field on the Signing information configuration page.
  10. Leave the Certificate store provider field value as IBMCertPath.
  11. Click Apply.
  12. Under Additional properties, click X.509 certificates > New.
  13. Enter the path to your certificate store. For example, the path might be: ${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer. If you have any additional certificate store paths to enter, click New and add the path names.
  14. Click OK.



Related concepts
Collection certificate store

Related tasks
Configuring the server-side collection certificate store using the administrative console
Configuring the server-side collection certificate store using an assembly tool
Configuring default collection certificate stores at the server level in the WebSphere Application Server administrative console
Configuring the client for response digital signature verification: verifying the message parts
Configuring the client for response digital signature verification: choosing the verification method
Configuring the server for request digital signature verification: Verifying the message parts
Configuring the server for request digital signature verification: choosing the verification method

Task topic    

Terms of Use | Feedback

Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/twbs_confclcertac.html

© Copyright IBM Corporation 2003, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)