Retrieve signers from a remote SSL port



Overview

To communicate over SSL with a server, WAS must retrieve a signer certificate from a secure remote SSL port during the handshake. After the signer certificate is retrieved, you can add it to a keystore.

The keystore that is to contain the signer certificate must already exist.


Retrieve signers from a remote SSL port using the console

  1. Go to the Retrieve from port panel...

    Security | SSL certificate and key management | Manage endpoint security configurations | {Inbound | Outbound} | Key stores and certificates | NodeDefaultKeyStore | Signer certificates | Retrieve from port

    ...and set...

    • host name of the machine on which the signer resides
    • port location on the host machine on which the signer resides

    When retrieving a signer certificate from the dmgr, use the port number associated with the port...

    WC_adminhost_secure

    When retrieving a signer certificate from a node, use the port number associated with the port...

    CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS

    The port location is not limited to ports on WAS. The ports can include LDAP ports or ports on any server on which an SSL port is already configured, such as...

    SIB_ENDPOINT_SECURE_ADDRESS

  2. Select an SSL configuration for the outbound connection from the list.

  3. Type an alias name for the certificate.

  4. Click...

    Retrieve signer information

    A message window displays information about the retrieved signer certificate, such as...

    • serial number
    • issued-to and issued-by identities
    • SHA hash
    • expiration date

  5. Click Apply to accept the credentials of the signer.
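
The message window in step 4 shows the signer's SHA hash so that it can be checked before step 5 adds the certificate to the keystore. The following is an added example, not part of the original page or of WAS: a Python check that a PEM export of the certificate hashes to the fingerprint obtained out-of-band from the remote server's administrator. The function names and sample data are assumptions made for this example, and the hash algorithm is inferred from the fingerprint length because the page only says "SHA hash".

```python
import hashlib
import hmac
import ssl

# Hex digest length -> hash name (assumption: the page only says "SHA hash").
_ALG_BY_HEX_LEN = {40: "sha1", 64: "sha256", 96: "sha384", 128: "sha512"}


def normalize(fp):
    """Strip separators and whitespace from a displayed fingerprint; lowercase it."""
    cleaned = "".join(ch for ch in fp if ch not in ": -\t\r\n").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("fingerprint is not hexadecimal: %r" % fp)
    return cleaned


def fingerprint(pem, alg):
    """Digest of the certificate's DER encoding, as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.new(alg, der).hexdigest()


def signer_matches(pem, trusted_fp):
    """True only if the PEM certificate hashes to the out-of-band value."""
    want = normalize(trusted_fp)
    alg = _ALG_BY_HEX_LEN.get(len(want))
    if alg is None:
        raise ValueError("unexpected fingerprint length: %d hex chars" % len(want))
    return hmac.compare_digest(fingerprint(pem, alg), want)


def display_form(hex_fp):
    """Colon-separated upper-case form, as certificate tools commonly print it."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, len(hex_fp), 2)).upper()


# Constructed sample data: placeholder bytes wrapped as PEM, not real certificates.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed sample signer bytes")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed sample of another signer")

if __name__ == "__main__":
    trusted = display_form(fingerprint(SAMPLE_PEM, "sha1"))
    print("trusted value:", trusted)
    print("same signer  :", signer_matches(SAMPLE_PEM, trusted))
    print("other signer :", signer_matches(OTHER_PEM, trusted))
```

A mismatch means the certificate offered on the port is not the one the remote administrator vouched for, and it should not be accepted in step 5.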


Related

Retrieve from port
SSL configurations
Dynamic outbound selection of SSL configurations
Keystore configurations for SSL
SignerCertificateCommands command group for the AdminTask object