Extracting and importing SSL certificates

The client, which is the ABAP server, requires the signer portion of a personal certificate for Secure Sockets Layer (SSL) communication to establish trust with the WebSphere® Application Server. You extract the public key, which is called a signer certificate, to a file, then import the certificate into the ABAP server. You then export the ABAP SSL certificate and import it into the WebSphere Application Server.

About this task

Signer certificates are added to a keystore on the client side of an SSL communication to establish trust with the server. You extract a signer certificate from the keystore to a file and then import the signer certificate into another keystore.

Procedure

Extract the WebSphere Application Server SSL certificate.

  1. Log in to the WebSphere Application Server administrative console by pointing a browser to http://localhost:9060/ibm/console
  2. Go to the SSL keystore. From the administrative console, click Security > SSL certificate and key management. The SSL certificate and key management page opens.
  3. Under Related Items, click Key stores and certificates.
  4. On the Key stores and certificates page, select the name NodeDefaultKeyStore. The General Properties page opens for the NodeDefaultKeyStore.
  5. Under Additional Properties, click Personal certificates.
  6. On the Personal certificates page, select the check box next to default.
  7. Click Extract.
  8. On the Extract certificate page, specify the path to store the exported certificate.
  9. Click Apply. The exported certificate is stored in the file that is provided.

Import the connector application server SSL certificate.

  1. Start the STRUST transaction.

    The Trust Manager window opens.

  2. Double-click SSL client SSL Client (Anonymous) PSE in the left pane.
  3. Click the Import certificate icon in the lower left.

  4. Specify the name and path for the certificate to import in the File path field. Select Binary for the File format.
  5. Click the check mark to import the certificate.
  6. Click Add to Certificate List.
  7. Save the changes to the client PSE.

Extract the ABAP SSL certificate.

  1. Start the STRUST application.

    The Trust Manager window opens.

  2. Double-click SSL server Standard PSE in the left pane.
  3. Double-click Own certificate to load it into the Certificate List pane in the lower right.
  4. Click the Export certificate icon in the lower left.

    The Export Certificate window opens.

  5. Specify the name and path for the certificate to export in the File path field. Select Binary for the File format.
  6. Click the check mark to save the certificate.

Import the ABAP SSL certificate file into the WebSphere Application Server.

  1. Go to the SSL truststore. From the administrative console, click Security > SSL certificate and key management. The SSL certificate and key management page opens.
  2. Under Related Items, click Key stores and certificates.
  3. On the Key stores and certificates page, select the name NodeDefaultTrustStore. The General Properties page opens for the NodeDefaultTrustStore.
  4. Under Additional Properties, click Signer certificates.
  5. On the Signer certificates page, select the check box next to default.
  6. Click Add.
  7. Enter an alias for the signer certificate in the Alias field.
  8. Enter the full path to the ABAP SSL signer certificate file in the File name field.
  9. Select a data type from the list in the Data type field.
  10. Click Apply.
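
Because each extracted file becomes a trust anchor on the other system, it is worth confirming that the file that arrives is intact and is the certificate that was exported. The following is an added example, not part of the original procedure or of any IBM or SAP tool: it computes a SHA-256 fingerprint from a certificate file in either Binary (DER) or Base64 (PEM) format. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate file in Binary or Base64 format."""
    match = PEM_RE.search(data)
    if match:
        # Base64 (PEM) export: strip the armor and decode the body.
        data = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    # A certificate is one DER SEQUENCE: tag 0x30, then a length field.
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        header, body_len = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad DER length field")
        header, body_len = 2 + n, int.from_bytes(data[2:2 + n], "big")
    if header + body_len != len(data):
        # Typical result of a truncated copy or a text-mode file transfer.
        raise ValueError("file length does not match DER length")
    return data


def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint of the certificate, colon-separated upper-case hex."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_certificate(exported: bytes, received: bytes) -> bool:
    """True if both files carry the same certificate, whatever their format."""
    return fingerprint(exported) == fingerprint(received)


# Constructed sample: a placeholder DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(fingerprint(SAMPLE_DER))
    print(same_certificate(SAMPLE_DER, SAMPLE_PEM))
```

Run it on the file at the source and on the copy at the destination, and import only when the two fingerprints match.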
