Collection certificate store collection
See below to view a list of certificate stores that contains untrusted, intermediary certificate files awaiting validation.
Validation might consist of...
- Checking to see if the certificate is on a certificate revocation list (CRL)
- Checking that the certificate is not expired
- Checking that the certificate is issued by a trusted signer
If CRLs are added to the collection certificate store collection, add the CRLs for the root certificate authority and each intermediate certificate, if applicable. When the CRL is in the certificate collection store, the certificate revocation status for every certificate in the chain is checked against the CRL of the issuer.
When the CRL file is updated, the new CRL does not take effect until you restart the Web service application.
Before a CRL expires, load a new CRL into the certificate collection store to replace the old CRL. An expired CRL in the collection certificate store results in a certificate path (CertPath) build failure.
Collection certificate store on the cell level
Security | JAX-WS and JAX-RPC security runtime | Additional properties | Collection certificate store
Collection certificate store on the server level
Servers | Server Types | WebSphere application servers | server_name | Security | JAX-WS and JAX-RPC security runtime | Additional properties | Collection certificate store
In a mixed node cell with a server using Websphere Application Server version 6.1 or earlier, click Web services: Default bindings for WS-Security.
Collection certificate store on the application level
Applications | Application Types | WebSphere enterprise apps | application_name | Modules | Manage modules | URI_name | WS-Security Properties
We can access collection certificate stores for the following bindings:
- For the Request generator, click...
-
Web services: Client security bindings | Request generator (sender) binding | Edit custom | Collection certificate store
- For the Request consumer, click...
-
Web services: WAS security bindings | Request consumer (receiver) binding | Edit custom | Collection certificate store
- For the Response generator, click...
-
Web services: WAS security bindings | Response generator (sender) binding | Edit custom | Collection certificate store
- For the Response consumer, click...
-
Web services: Client security bindings | Response consumer (receiver) binding | Edit custom | Collection certificate store
Under Additional properties, we can access collection certificate stores for the following bindings:
For the Request receiver binding, click...
-
Web services: WAS security bindings | Response receiver binding | Edit | Collection certificate store
For the Response receiver binding, click...
-
Web services: Client security bindings | Response receiver binding | Edit | Collection certificate store
Complete the following steps:
- Click New to specify a new certificate store name and certificate store provider.
- Click OK and messages display at the top of the admin console panel.
- Within the messages at the top of the admin console panel, click Save.
- Return to the collection certificate store collection panel and click Update runtime to update the WS-Security run time with the default binding information, which is found in the ws_security.xml file. When you click Update runtime, the configuration changes made to the other Web services are also updated in the WS-Security run time.
- Certificate store name
-
Name of the certificate store.
- Certificate store provider
-
Provider of the certificate store.
Related tasks
Set the collection certificate store for the generator binding on the application level
Related
Collection certificate store settings
X.509 certificates collection
X.509 certificate settings
