Configuring the IBM® JRE to talk to a secured WAS

You must follow the steps in this topic if you want to use the Web services wizard to retrieve an HTTPS WSDL or if you want to use the Web Services Explorer against a secured WebSphere® Application Server. If you encounter an error similar to Error opening socket: javax.net.ssl.SSLHandshakeException: unknown certifcate, this task will resolve the issue. The error occurs because WAS uses a security certificate for negotiating secured connections that other JRE-based applications do not normally share.

To configure your JRE to accept the WAS certificate:

  1. Launch the ikeyman tool from your Eclipse JRE. The tool is located within your WAS install directory at install_dir\java\jre\bin\ikeyman.exe. The default install locations for the servers are:

    • WAS v6.x: Rational_install_dir\runtimes\base_v6x

    • WAS v7.0: Rational_install_dir\runtimes\base_v7

  2. Click the Open a key database file icon.

  3. In the window that opens, click Browse and locate the DummyClientTrustFile.jks in your WAS profile. The default location may be similar to install_dir\profiles\profile_name\etc\DummyClientTrustFile.jks. Click OK when you have found the file.

  4. You will be prompted for a password. Enter WebAS.

  5. Select Signer Certificates from the drop-down list, and then select default_signer and click Extract.

  6. Note the location and name of the certificate because it will be required in later steps. Click OK to save the file.

  7. Click the Open a key database file icon again, and browse to the Eclipse JRE cacerts. This file is located here: install_dir\java\jre\lib\security\cacerts.

  8. When prompted for a password, enter changeit.

  9. Click Add, and browse to the file that you saved earlier. You may have to set the file types field to All Files. Click OK when the correct file has been selected in the Open window.

  10. Enter a label for the certificate.

The JRE can now accept the server certificate automatically. Note that the certificate might be restricted to the host name that appears on the certificate (this would be the host name including domain).
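
A command-line equivalent of steps 1 to 10 using the JRE's keytool, added here as an example and not part of the original topic. It assumes keytool.exe sits in the same bin directory as ikeyman.exe and that the ikeyman label default_signer is the keystore alias; the label was_default_signer, the cacerts backup and the fingerprint confirmation are additions of this example, and install_dir and profile_name are supplied as parameters.

```powershell
# Added example (not from the original topic): keytool equivalent of the ikeyman steps.
param(
    [Parameter(Mandatory = $true)] [string] $InstallDir,    # your install_dir
    [Parameter(Mandatory = $true)] [string] $ProfileName,   # your profile_name
    [string] $Label = 'was_default_signer'                  # hypothetical label (step 10)
)
$ErrorActionPreference = 'Stop'

# Assumption: keytool.exe is shipped next to ikeyman.exe.
$keytool    = Join-Path $InstallDir 'java\jre\bin\keytool.exe'
$trustFile  = Join-Path $InstallDir "profiles\$ProfileName\etc\DummyClientTrustFile.jks"
$cacerts    = Join-Path $InstallDir 'java\jre\lib\security\cacerts'
$signerFile = Join-Path $env:TEMP 'was_default_signer.cer'

# Native commands do not throw on failure, so check the exit code explicitly.
function Invoke-Keytool([string[]] $KtArgs) {
    & $keytool $KtArgs
    if ($LASTEXITCODE -ne 0) { throw "keytool failed: $($KtArgs -join ' ')" }
}

# Keep a copy of the JRE trust store so the change can be rolled back.
$backup = "$cacerts.bak-$(Get-Date -Format yyyyMMddHHmmss)"
Copy-Item -Path $cacerts -Destination $backup

# Steps 2-6: extract default_signer from the WAS client trust file.
# -export/-import are the legacy option names, accepted by older and newer keytool.
Invoke-Keytool @('-export', '-alias', 'default_signer', '-keystore', $trustFile,
                 '-storepass', 'WebAS', '-rfc', '-file', $signerFile)

# Show owner, validity and fingerprints so the certificate can be compared
# with what the server administrator reports before it becomes trusted.
Invoke-Keytool @('-printcert', '-file', $signerFile)
if ((Read-Host 'Import this certificate into cacerts? (y/n)') -ne 'y') {
    Write-Host "Nothing imported. Backup left at $backup"
    return
}

# Steps 7-10: add the certificate to the Eclipse JRE cacerts under $Label.
Invoke-Keytool @('-import', '-alias', $Label, '-file', $signerFile,
                 '-keystore', $cacerts, '-storepass', 'changeit', '-noprompt')

# Confirm the entry is present; the owner line shows the host name it names.
Invoke-Keytool @('-list', '-v', '-alias', $Label,
                 '-keystore', $cacerts, '-storepass', 'changeit')
```

The owner (CN) printed in the last step is the host name referred to in the note above, so connect using that name when testing.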