Configuring the certificate authority

Configure WebSphere® Application Server to support Secure Sockets Layer (SSL) client authentication and add the signer certificate for your organization to the truststore.

About this task

Attention: The information in this topic applies to WebSphere Application Server V7.0 and IBM HTTP Server V7.0. See Technote 1569987 for information on installing and configuring WebSphere Application Server V8.0 and IBM HTTP Server V8.0.

Signer certificates establish the trust relationship in SSL communication. The signer certificate determines whether a user certificate is accepted. After a signer certificate is accepted, the LDAP server looks up the user in the registry. If the user is found, the Rational® ClearQuest® Web logon window opens.

Procedure

  1. Configure WebSphere Application Server to support SSL client certificates.
    1. In the WebSphere Application Server administrative console, click Security > SSL certificate and key management.
    2. Under Related Items, click SSL configurations.
    3. In the SSL configurations table, click either a node name or NodeDefaultSSLSettings if you are using default settings.
    4. Under Additional Properties, click Quality of protection (QoP) settings.
    5. Select Supported from the Client certificate authentication list.
      Attention: Do not select Required; otherwise, you will be unable to log on to the WebSphere Application Server administrative console.
    6. Click Apply and then click Save.
  2. Add the signer certificate to the WebSphere Application Server truststore.
    1. Click Security > SSL certificate and key management.
    2. Under Related Items, click Keystores and certificates.
    3. In the keystore types table, click either a trust store or NodeDefaultTrustStore if you are using the default settings.
    4. Under Additional Properties, click Signer certificates.
    5. Click Add.
      • Type an alias name in the Alias field to represent the signer certificate.
      • Type the path and file name of the signer certificate in the File name field.
        Attention: The file must reside on the WebSphere Application Server. If you are using OpenSSL, then you must give a path to the .pem file.
      • Select Base64-encoded ASCII data from the Data type list.
      • Click Apply and then click Save.
    See the following WebSphere Application Server 7.0 Information Center topics for additional information, including guidance on complex deployment scenarios:
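
A pre-import check for the file named in step 2, as an added example that is not part of the IBM procedure or product: it confirms the file is Base64-encoded ASCII (PEM), flags any private key in it, and returns a SHA-256 fingerprint to compare with the value your certificate authority publishes. The function names, the one-certificate-per-file rule and the sample bytes are assumptions of this example.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def to_pem(label, der):
    """Wrap DER bytes in a PEM block with the given label."""
    body = base64.encodebytes(der).decode("ascii")
    return ("-----BEGIN %s-----\n%s-----END %s-----\n" % (label, body, label)).encode("ascii")

def inspect_signer_file(data):
    """Classify a candidate signer file and list reasons not to import it."""
    report = {"format": "unknown", "fingerprints": [], "problems": []}
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        text = ""
    if "-----BEGIN " not in text:
        # DER-encoded X.509 starts with an ASN.1 SEQUENCE tag (0x30).
        if data[:1] == b"\x30":
            report["format"] = "binary-der"
        report["problems"].append("not Base64-encoded ASCII (PEM)")
        return report
    report["format"] = "pem"
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            # A truststore entry needs only the signer's public certificate.
            report["problems"].append("private key present")
        elif label == "CERTIFICATE":
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                report["problems"].append("corrupt Base64 body")
                continue
            report["fingerprints"].append(hashlib.sha256(der).hexdigest())
    # Assumption of this example: one signer certificate per file and alias.
    if len(report["fingerprints"]) != 1:
        report["problems"].append("expected exactly one CERTIFICATE block")
    return report

# Constructed stand-in bytes (a tiny ASN.1 SEQUENCE), not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"

if __name__ == "__main__":
    bundle = to_pem("PRIVATE KEY", b"\x30\x00") + to_pem("CERTIFICATE", SAMPLE_DER)
    for name, blob in [("pem", to_pem("CERTIFICATE", SAMPLE_DER)),
                       ("der", SAMPLE_DER), ("key+cert", bundle)]:
        print(name, inspect_signer_file(blob))
```

An empty `problems` list means the file matches what the Add dialog in step 2 expects; record the fingerprint alongside the alias you choose.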
