Configure the client-side collection certificate store using the Assembly Toolkit

A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs are used to check the signature of a digitally signed SOAP message.

You can configure the collection certificate either by using the Assembly Toolkit or the WAS administrative console. Complete the following steps to configure the client-side collection certificate store using the Assembly Toolkit.

  1. Launch the Assembly Toolkit and either click Windows > Open Perspective > J2EE.

  2. Select the Web services-enabled Enterprise JavaBean (EJB) or Web module.

  3. In the Package Explorer window, locate the META-INF directory for an EJB module or the WEB-INF directory for a Web module.

  4. Right-click the webservicesclient.xml file and select Open With > Web Services Client Editor.

  5. Click the Port Binding tab in the Web Services Client Editor within the Assembly Toolkit.The Web Services Client Port Binding window is displayed.

  6. Select one of the Port Qualified Name Binding entries.

  7. Expand the Security Response Receiver Binding Configuration > Certificate Store List > Collection Certificate Store section.

  8. Click Add to create a new collection certificate store, click Edit to edit an existing certificate store, or click Remove to delete an existing certificate store.

  9. Enter a name in the Name field.This name is referenced in the Certificate store reference field in the Signing info dialog box.

  10. Leave the Provider field as IBMCertPath.

  11. Click Add to enter the path to your certificate store. For example, the path might be: ${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer. If you have additional certificate store paths, click Add to add the paths.

  12. Click OK when you finish adding paths.


See Also

Securing Web services using XML digital signature
Configuring the server-side collection certificate store using the Assembly Toolkit
Configuring the client-side collection certificate store using the administrative console