For clients to communicate with WebSphere Application Server, clients must obtain a signer certificate from the server. Clients can use the retrieveSigners command to connect to a server to obtain the appropriate signer. A prompt displays that asks whether or not you want to add a signer to the truststore. If the Secure Sockets Layer (SSL) configuration uses an automated script that might hang, use the prompt to obtain the certificate. The com.ibm.ssl.enableSignerExchangePrompt property in the profile_home/properties/ssl.client.props file controls the signer certificate prompt. By default, this property is set to true, meaning the prompt is enabled.
/QIBM/UserData/WebSphere/AppServer/V61/ND/profiles/default/bin/serverStatus -all ADMU0116I: Tool information is being logged in file /QIBM/UserData/WebSphere/AppServer/V61/ND/profiles/default/logs/serverStatus.log ADMU0128I: Starting tool with the default profile ADMU0503I: Retrieving server status for all servers ADMU0505I: Servers found in configuration: ADMU0506I: Server name: server1 *** SSL SIGNER EXCHANGE PROMPT *** SSL signer from target host 192.174.1.5 is not found in truststore /QIBM/UserData/WebSphere/AppServer/V61/ND/profiles/default/etc/trust.p12.
Verify that the digest value matches what is displayed at the server in the following signer information:
Subject DN: CN=hostname.austin.ibm.com, O=IBM, C=US Issuer DN: CN=hostname.austin.ibm.com, O=IBM, C=US Serial number: 1128544457 Expires: Thu Oct 20 15:34:17 CDT 2006 SHA-1 Digest: 91:A1:A9:2D:F2:7D:70:0F:04:06:73:A3:B4:A4:9C:56:9D:A8:A3:BA MD5 Digest: 88:72:C5:88:00:1C:A7:FA:D6:EB:04:88:AC:A1:C9:13 Add signer to the truststore now? (y/n) y A retry of the request might need to occur. ADMU0508I: The Application Server "server1" is STARTED.