To perform Secure Sockets Layer (SSL) communication with a server,
WebSphere Application Server must retrieve a signer certificate from a secure
remote SSL port during the handshake. After the signer certificate is retrieved,
you can add the signer certificate to a keystore.
Before you begin
The keystore that is to contain the signer certificate must already
exist.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Manage
endpoint security configurations > {Inbound | Outbound} > Key stores and certificates
> keystore > Signer certificates > Retrieve from port.
- Click Retrieve from port.
- Type the host name of the machine on which the signer resides.
- Type the port location on the host machine on which the signer
  resides. The port location is not limited to ports on WebSphere
  Application Server. The ports can include Lightweight Directory Access Protocol
  (LDAP) ports or ports on any server on which an SSL port is already configured,
  such as SIB_ENDPOINT_SECURE_ADDRESS.
  Note: In a network deployment environment, you must specify the correct
  Secure Sockets Layer (SSL) port number when you retrieve a signer certificate
  from a remote SSL port:
    - Use the port number associated with the port name WC_adminhost_secure
      when retrieving a signer certificate from the deployment manager.
    - Use the port number associated with the port name CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS
      when retrieving a signer certificate from a node.
  All certificates must be in place before you retrieve them from the deployment
  manager or from base servers.
- Select an SSL configuration for the outbound connection from the
list.
- Type an alias name for the certificate.
- Click Retrieve signer information. A message window displays information
  about the retrieved signer certificate, such as the serial number, the
  issued-to and issued-by identities, the SHA hash, and the expiration date.
- Click Apply. This action indicates that you accept the credentials of the
  signer. Before you click Apply, compare the displayed SHA hash with the value
  that the administrator of the remote server provides to you out of band;
  accepting a signer whose hash you have not verified trusts whatever
  certificate the remote port presented during the retrieval.
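The same retrieve-then-accept sequence can be scripted with wsadmin (-lang jython). This is an added example and not part of the IBM page; the host, port, alias, keystore, scope and SSL configuration names are placeholders, the expected fingerprint must be obtained from the remote server's administrator, and the parameter names follow the AdminTask retrieveSignerInfoFromPort and retrieveSignerFromPort commands. The check assumes the text returned by retrieveSignerInfoFromPort contains the hash as hexadecimal digits.

```jython
# Added example (not from the IBM page). Run with: wsadmin -lang jython -f retrieve_signer.py
# Placeholder values; replace with your own environment's settings.
EXPECTED_SHA_FINGERPRINT = 'REPLACE:WITH:FINGERPRINT:FROM:SERVER:ADMIN'  # obtained out of band

host      = 'dmgr.example.com'        # machine on which the signer resides
port      = '9043'                    # e.g. the WC_adminhost_secure port of the deployment manager
alias     = 'dmgr_signer'             # alias under which the signer is stored
keyStore  = 'NodeDefaultTrustStore'   # keystore that must already exist
scope     = '(cell):myCell:(node):myNode'
sslConfig = 'NodeDefaultSSLSettings'  # SSL configuration for the outbound connection

def normalize(fingerprint):
    # Strip separators so 'AB:CD' and 'ab cd' compare equal.
    return fingerprint.replace(':', '').replace(' ', '').upper()

# Step 1: retrieve the signer information only; nothing is stored yet.
info = AdminTask.retrieveSignerInfoFromPort(
    '[-host %s -port %s -sslConfigName %s -sslConfigScopeName %s]'
    % (host, port, sslConfig, scope))
print info

# Step 2: accept the credentials only if the hash matches the value obtained out of band
# (assumption: the returned text contains the SHA hash in hexadecimal).
if normalize(EXPECTED_SHA_FINGERPRINT) not in normalize(info):
    raise Exception('Signer presented by %s:%s does not match the expected fingerprint; not imported'
                    % (host, port))

# Step 3: retrieve the signer into the keystore and save the configuration.
AdminTask.retrieveSignerFromPort(
    '[-host %s -port %s -keyStoreName %s -keyStoreScope %s -certificateAlias %s'
    ' -sslConfigName %s -sslConfigScopeName %s]'
    % (host, port, keyStore, scope, alias, sslConfig, scope))
AdminConfig.save()

# Confirm that the new alias is listed among the keystore's signer certificates.
print AdminTask.listSignerCertificates(
    '[-keyStoreName %s -keyStoreScope %s]' % (keyStore, scope))
```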
Results
The signer certificate that is retrieved from the remote port is stored
in the keystore.
What to do next
An SSL configuration or client process that requires an SSL connection
to the server can use the retrieved and approved signer certificate.