+

Search Tips   |   Advanced Search

X.509 certificate configuration settings

Use this page to specify a list of untrusted, intermediate certificate files. This collection certificate store is used for certificate path validation of incoming X.509-formatted security tokens. To view the console panel for the collection certificate store on the cell level, complete the following steps:

  1. Click Security > Web services.

  2. Under additional properties, click Collection certificate store.

  3. Click the name of a configured collection certificate store or create a new collection certificate store first.

  4. Under Additional properties, click X.509 certificates.

  5. Specify a new X.509 certificate path by clicking New or by clicking the X.509 certificate path to modify its settings.

To view the console panel for the collection certificate store on the server level...

  1. Click Servers > Application servers > server .

  2. Under Security, click Web services: Default bindings for Web services security.

  3. Under Additional properties, click Collection certificate store.

  4. Click the name of a configured collection certificate store or create a new collection certificate store first.

  5. Under Additional properties, click X.509 certificates.

  6. Specify a new X.509 certificate path by clicking New or by clicking the X.509 certificate path to modify its settings.

To view this console page for an X.509 certificate on the application level...

  1. Click Applications > Enterprise applications > application.

  2. Click Manage modules > URI_name.

  3. Under Web Services Security Properties, you can access collection certificate stores for the following bindings:

    • For the Request generator, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom > Collection certificate store.

    • For the Request consumer, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom > Collection certificate store.

    • For the Response generator, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom > Collection certificate store.

    • For the Response consumer, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom > Collection certificate store.

  4. [V5 only] Under Additional properties, you can access the collection certificate stores for the following bindings.

  5. Click the name of a configured collection certificate store or create a new collection certificate store first.

  6. Under Additional properties, click X.509 certificates.

  7. Specify a new X.509 certificate path by clicking New or click the X.509 certificate path to modify its settings.

X.509 Certificate Path

[V5 and 6 only]

Specify the absolute path to the location of the X.509 certificate.

As shown in the following example, you can use the USER_INSTALL_ROOT variable as part of the path name: {USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer. This X.509 certificate path is not for production use. Obtain your own X.509 from a certificate authority before putting your appserver environment into production.

You can configure the USER_INSTALL_ROOT variable in the administrative console by clicking Environment > WebSphere Variables.




 

Related tasks


Configure the collection certificate store for the generator binding on the application level

 

Related Reference

X.509 certificates collection
Collection certificate store collection
Collection certificate store configuration settings

 

Reference topic