WebSphere Application Server Version 6.1 Feature Pack for Web Services
             Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

Retrieve from port

Use this page to retrieve a signer certificate from a remote SSL port. The system connects to the specified remote SSL host and port and receives the signer during the handshake using a trust manager. The signer SHA hash displays for validation and, if approved by an administrator, is added to the currently selected trust store.

To view this administrative console page, click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration. Under Related items, click Key stores and certificates > key store > Signer certificates > Retrieve from port.

Configuration tab

Host

Specifies the host name to which you connect when attempting to retrieve the signer certificate from the Secure Sockets Layer (SSL) port.

Data type: Text

Port

Specifies the SSL port to which you connect when attempting to retrieve the signer certificate.

Note: In a network deployment environment, you need to specify the correct Secure Sockets Layer (SSL) port number when attempting to retrieve a signer certificate from a remote SSL port.
  • Use the port number associated with the port name, WC_adminhost_secure, when retrieving a signer certificate from the deployment manager.
  • Use the port number associated with the port name, CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS, when retrieving a signer certificate from a node.
All certificates must be in place prior to retrieving them from the deployment manager or from base servers.

Data type: Text

SSL configuration for outbound connection

Specifies the SSL configuration that is used to connect to the previously specified SSL port. This configuration is also the SSL configuration that contains the signer after retrieval. This SSL configuration does not need to already contain the trusted certificate for the SSL port, because the signer is retrieved during validation and presented here.

Data type: Text
Default: DefaultSSLConfig

Alias

Specifies the certificate alias name by which you want to reference the signer in the key store that is specified in the SSL configuration.

Data type: Text

Retrieved signer information

Specifies the signer certificate information if it is retrieved from the remote host and port.

Serial number

Specifies the certificate serial number that is generated by the issuer of the certificate.

Issued to

Specifies the distinguished name of the entity to which the certificate was issued.

Issued by

Specifies the distinguished name of the entity that issued the certificate. This name is the same as the issued-to distinguished name when the signer certificate is self-signed.

Fingerprint (SHA Digest)

Specifies the Secure Hash Algorithm (SHA hash) of the certificate, which can be used to verify the certificate's hash at another location, such as the client side of a connection.

Expiration

Specifies the expiration date of the retrieved signer certificate for validation purposes.
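
The Fingerprint (SHA Digest) value is meant to be verified at another location before the signer is approved. The following Python script is an added example, not IBM code: it fetches the certificate a port presents (which is the signer only when that certificate is self-signed) and compares its digest with a value recorded out of band. The function names, the choice of hash by digest length, and the constructed sample bytes are assumptions of this example.

```python
import hashlib
import hmac
import socket
import ssl

# Hex digest length -> hash algorithm, so the check follows whichever SHA
# variant the recorded fingerprint uses (assumption of this example).
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256", 96: "sha384", 128: "sha512"}

# Constructed stand-in for DER bytes so the digest logic runs offline;
# it is not a real certificate.
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed-sample"


def normalize(fp: str) -> str:
    """Strip separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    cleaned = "".join(ch for ch in fp if ch not in ": -\t").lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA fingerprint: %r" % fp)
    return cleaned


def fingerprint(der: bytes, algorithm: str = "sha1") -> str:
    """Colon-separated upper-case digest of the DER-encoded certificate."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(der: bytes, expected: str) -> bool:
    """Compare the certificate digest with the value an administrator recorded."""
    want = normalize(expected)
    got = hashlib.new(ALGO_BY_HEX_LEN[len(want)], der).hexdigest()
    return hmac.compare_digest(got, want)


def fetch_presented_cert(host: str, port: int, timeout: float = 10.0) -> bytes:
    """Return the DER certificate the port presents, without trusting it yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # trust is decided by the fingerprint, not the chain
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    import sys
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    der = fetch_presented_cert(host, port)
    print(fingerprint(der, ALGO_BY_HEX_LEN[len(normalize(expected))]))
    sys.exit(0 if matches(der, expected) else 1)
```

Run it with a host, a port and the recorded fingerprint as arguments; the exit status is 0 only when the digests match.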




Related tasks
Creating a Secure Sockets Layer configuration
Related reference
Key stores and certificates collection
Signer certificates collection

Last updated: Nov 25, 2008 2:35:59 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.wsfep.multiplatform.doc/info/ae/ae/usec_sslretrievesignercert.html