Configure the server-side collection certificate store using the Assembly Toolkit
A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs are used to check the signature of a digitally signed SOAP message.
You can configure the collection certificate either by using the Assembly Toolkit or the WAS administrative console. Complete the following steps to configure the server-side collection certificate store using the Assembly Toolkit.
- Launch the Assembly Toolkit and click Windows > Open Perspective > J2EE.
- Select the Web services-enabled Enterprise JavaBean (EJB) or Web module.
- In the Package Navigator window, locate the META-INF directory for an EJB module or the WEB-INF directory for a Web module.
- Right-click the webservices.xml file, select Open With > Web Services Editor.
- Click the Binding Configurations tab in the Web services editor within the Assembly Toolkit.The Web Service Binding Configuration window is displayed.
- Select one of the Web service description binding entries under the Port Component Binding section.
- Expand the Request Receiver Binding Configuration Details > Certificate Store List > Collection Certificate Store section.
- Click Add to create a new collection certificate store, click Edit to edit an existing certificate store, or click Remove to delete an existing certification store.
- Enter a name in the Name field.This name is referenced in the Certificate store reference field in the Signing info dialog.
- Leave the Provider field as IBMCertPath.
- Click Add to enter the path to your certificate store. For example, the path might be: ${USER_INSTALL_ROOT]/etc/ws-security/samples/intca2.cer. If you have additional certificate store paths, click Add to add the paths.
- Click OK when you finish adding paths.
See Also
Securing Web services using XML digital signature
Configuring the client-side collection certificate store using the Assembly Toolkit
Configuring the client-side collection certificate store using the administrative console
Collection certificate store collection
Collection certificate store configuration settings
X.509 certificates collection
X.509 certificate configuration settings