Use this page to view a list of certificate stores that contain
untrusted, intermediary certificate files awaiting validation. Validation
might consist of checking whether the certificate is on a certificate revocation
list (CRL), checking that the certificate is not expired, and checking that
the certificate is issued by a trusted signer.
The following list provides recommendations for using CRLs:
- If CRLs are added to the collection certificate store, add
the CRLs for the root certificate authority and each intermediate certificate,
if applicable. When the CRL is in the collection certificate store, the certificate
revocation status for every certificate in the chain is checked against the
CRL of the issuer.
- When the CRL file is updated, the new CRL does not take effect until you
restart the Web service application.
- Before a CRL expires, you must load a new CRL into the collection certificate
store to replace the old CRL. An expired CRL in the collection certificate
store results in a certificate path (CertPath) build failure.
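As an added example (not IBM or WebSphere code), the following standalone Java program uses the standard JDK CertPath API to test a set of certificates and CRLs before they are loaded into the store: it reports the nextUpdate of each CRL and then builds a path with revocation checking against a "Collection" CertStore. The class name, the 7-day warning window and the file names are assumptions.

```java
import java.io.*;
import java.security.cert.*;
import java.util.*;
// Added example, not IBM code. File names in the usage line are placeholders:
//   java CollectionStoreCheck root.pem leaf.pem intermediate.pem root.crl intermediate.crl
public class CollectionStoreCheck {
    static final long WARN_MS = 7L * 24 * 60 * 60 * 1000; // assumed 7-day warning window

    public static void main(String[] args) throws Exception {
        if (args.length < 2) throw new IllegalArgumentException("usage: root leaf [cert | *.crl]...");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate root = (X509Certificate) load(cf, args[0], false);
        X509Certificate leaf = (X509Certificate) load(cf, args[1], false);
        // Everything the collection store will hold: target, intermediates, CRLs.
        List<Object> items = new ArrayList<>(Collections.singletonList(leaf));
        long now = System.currentTimeMillis();
        for (int i = 2; i < args.length; i++) {
            Object item = load(cf, args[i], args[i].endsWith(".crl"));
            items.add(item);
            if (!(item instanceof X509CRL)) continue;
            X509CRL crl = (X509CRL) item;
            Date next = crl.getNextUpdate(); // null when the CRL omits nextUpdate
            String state = next == null ? "no nextUpdate"
                    : next.getTime() < now ? "EXPIRED " + next
                    : next.getTime() - now < WARN_MS ? "REPLACE SOON, expires " + next
                    : "ok until " + next;
            System.out.println(crl.getIssuerX500Principal().getName() + ": " + state);
        }
        // Build the chain to the root with revocation checking against the stored CRLs.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(leaf);
        PKIXBuilderParameters params = new PKIXBuilderParameters(
                Collections.singleton(new TrustAnchor(root, null)), target);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(items)));
        params.setRevocationEnabled(true);
        try {
            CertPath path = CertPathBuilder.getInstance("PKIX").build(params).getCertPath();
            System.out.println("CertPath built: " + path.getCertificates().size() + " certificate(s)");
        } catch (CertPathBuilderException e) {
            System.out.println("CertPath build failed: " + e.getMessage());
            System.exit(1);
        }
    }

    static Object load(CertificateFactory cf, String path, boolean isCrl) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return isCrl ? cf.generateCRL(in) : cf.generateCertificate(in);
        }
    }
}
```

Run it with the same root, intermediate and CRL files that you plan to add to the collection certificate store; a non-zero exit status means the path did not build.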
To view the administrative console panel for the collection
certificate store on the cell level, complete the following steps:
- Click Security > JAX-WS and JAX-RPC security runtime.
- Under Additional properties, click Collection certificate store.
To view the administrative console panel for the collection certificate
store on the server level, complete the following steps:
- Click server_name.
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using WebSphere Application
Server version 6.1 or earlier, click
Web services: Default bindings
for Web services security.
- Under Additional properties, click Collection certificate store.
To view this administrative console page for the collection certificate
store on the application level, complete the following steps:
- Click application_name.
- Under Modules, click Manage modules > URI_name.
- Under Web Services Security Properties, you can access collection certificate
stores for the following bindings:
- For the Request generator, click Web services: Client security bindings.
Under Request generator (sender) binding, click Edit custom > Collection
certificate store.
- For the Request consumer, click Web services: Server security bindings.
Under Request consumer (receiver) binding, click Edit custom > Collection
certificate store.
- For the Response generator, click Web services: Server security bindings.
Under Response generator (sender) binding, click Edit custom > Collection
certificate store.
- For the Response consumer, click Web services: Client security bindings.
Under Response consumer (receiver) binding, click Edit custom > Collection
certificate store.
Under Additional properties, you can access collection
certificate stores for the following bindings:
- For the Request receiver binding, click Web services: Server security
bindings. Under Response receiver binding, click Edit >
Collection certificate store.
- For the Response receiver binding, click Web services: Client security
bindings. Under Response receiver binding, click Edit >
Collection certificate store.
Complete the following steps:
- Click New to specify a new certificate store name and certificate
store provider.
- Click OK. Messages are displayed at the top of the administrative
console panel.
- Within the messages at the top of the administrative console panel, click Save.
- Return to the collection certificate store collection panel and click Update
runtime to update the Web services security run time with the default
binding information, which is found in the ws_security.xml file.
When you click Update runtime, the configuration changes made to the
other Web services are also updated in the Web services security run time.