Retrieving signers from a remote SSL port

To perform Secure Sockets Layer (SSL) communication with a server, WebSphere Application Server must retrieve a signer certificate from a secure remote SSL port during the handshake. After the signer certificate is retrieved, you can add the signer certificate to a keystore.

Before you begin

The keystore that is to contain the signer certificate must already exist.
Alternative Method: To retrieve a signer certificate from a port using the wsadmin tool, use the retrieveSignerFromPort command of the AdminTask object. For more information, see SignerCertificateCommands command group for the AdminTask object.

About this task

Complete the following steps in the administrative console:

Procedure

  1. Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > Key stores and certificates > keystore > Signer certificates > Retrieve from port.
  2. Click Retrieve from port.
  3. Type the host name of the machine on which the signer resides.
  4. Type the port location on the host machine on which the signer resides. The port location is not limited to ports on WebSphere Application Server. The ports can include Lightweight Directory Access Protocol (LDAP) ports or ports on any server on which an SSL port is already configured, such as SIB_ENDPOINT_SECURE_ADDRESS.
    Note: In a network deployment environment, you need to specify the correct secure sockets layer (SSL) port number when attempting to retrieve a signer certificate from a remote SSL port.
    • Use the port number associated with the port name, WC_adminhost_secure, when retrieving a signer certificate from the deployment manager.
    • Use the port number associated with the port name, CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS, when retrieving a signer certificate from a node.
    All certificates must be in place prior to retrieving them from the deployment manager or from base servers.
  5. Select an SSL configuration for the outbound connection from the list.
  6. Type an alias name for the certificate.
  7. Click Retrieve signer information. A message window displays information about the retrieved signer certificate, such as: the serial number, issued-to and issued-by identities, SHA hash, and expiration date.
  8. Click Apply. This action indicates that you accept the credentials of the signer.

Results

The signer certificate that is retrieved from the remote port is stored in the keystore.

What to do next

An SSL configuration or client process that requires an SSL connection to the server can use the retrieved and approved signer certificate.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 2:56:59 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=tsec_sslretrievesignersport
File name: tsec_sslretrievesignersport.html