+

Search Tips   |   Advanced Search

Import self-signed IHS certificate into WAS default trust store


Overview

To establish trusted server-to-server communication for Connections, import signer certificates from IBM HTTP Server into the WAS default trust store.

There are different types of certificates that we can use. This procedure describes how to import a self-signed certificate. We can also import a certificate purchased from a third-party Certificate Authority.


Import a public certificate from IHS to the default trust store in IBM WAS

  1. Configure IHS to support SSL.

  2. Log into the IBM WAS console and select...

      Security | SSL Certificate and key management | Key stores and certificates | CellDefaultTrustStore | Signer Certificates | Retrieve from port

  3. Enter the Host name, SSL Port, and Alias of the web server.

    The Alias is typically an arbitrary string that will become the name of the credentials.

  4. Click...

      Retrieve Signer Information

    ...and then click OK. The root certificate is added to the list of signer certificates.

  5. If using Tivoli Access Manager or other proxies, also repeat steps 4-6 for the Tivoli Access Manager or other proxy servers.


Results

If the configuration changes aren't successful, ensure you have applied the instructions to configure a default personal certificate.


What to do next

Verify that users can create a private community and add other widgets, such as Activities, Blogs, Dogear, and so on, to it. Ensure there are no errors when these widgets are added. If problems are reported, consult the Communities SystemOut.log file.

The proxy-config.tpl file allows a proxy to work with self-signed certificates. This is true for an out-of-the-box deployment but for improved security you should set the value of the unsigned_ssl_certificate_support property to false when the deployment is ready for production.

Ensure that we are ready to renew the certificate before it expires. WebSphere Application Server provides a utility for monitoring certificates.


Parent topic:
Configure IBM HTTP Server

Previous topic: Configure IBM HTTP Server for SSL

Next topic: Determine which files to compress