Use these steps if you want to use the web services wizard to retrieve an HTTPS WSDL or if you want to use the Web Services Explorer against a secured WebSphere® Application Server. If you encounter an error similar to Error opening socket: javax.net.ssl.SSLHandshakeException: unknown certifcate this task resolves the issue. This error occurs because WebSphere Application Server uses a security certificate for negotiating secured connections that other JRE-based applications do not normally share.
About this task
Important: Applicable to WebSphere
Application Server traditional
To configure your JRE to accept the WebSphere Application Server certificate:
Procedure
- Start the iKeyman tool from your Eclipse JRE, which is in the following location within your WebSphere Application Server installation directory: install_dir\java\jre\bin\ikeyman.exe. The default installation locations for the servers:
- WebSphere Application Server: install_dir\java\jre\bin\ikeyman.exe
Note: The install_dir directory is where you installed the version of WebSphere Application Server.
- Click the Open a key database file icon:
- In the window that opens, click Browse and locate the DummyClientTrustFile.jks in your WebSphere Application Server profile. The default location might be similar to install_dir\profiles\profile_name\etc\DummyClientTrustFile.jks Click OK when you find the file.
- You are prompted for a password. Enter WebAS.
- Select Signer Certificates from the list, and then select default_signer and click Extract.
- Note the location and name of the certificate because it is needed in later steps. Click OK to save the file.
- Click the Open a key database file icon again, and browse to the Eclipse JRE cacerts. This file is located here: install_dir\java\jre\lib\security\cacerts.
- When prompted for a password enter changeit.
- Click Add, and browse to the file that you saved earlier. You must set the file types field to All Files. Click OK when the correct file is selected in the open window.
- Enter a label for the certificate.
Results
The JRE can now accept the server certificate automatically. The certificate might restrict to the same host name on the certificate (the host name, including the domain).