+

Search Tips   |   Advanced Search

Set the server-side collection certificate store using the admin console


Configure the collection certificate either by using an assembly tool or the WAS admin console.

There is an important distinction between Version 5.x and V6 and later applications. The information in this article supports V5.x applications only that are used with WAS V6.0.x and later. The information does not apply to V 6 and later applications.

A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs is used to check the signature of a digitally signed SOAP message.

Complete the following steps to configure the server-side collection certificate store using the admin console.

 

  1. Connect to the WAS admin console.

    We can connect to the admin console by typing http://localhost:port_number/ibm/console in your Web browser unless we have changed the port number.

  2. Click Applications > Application Types > WebSphere enterprise applications > application_name.

  3. Under Manage modules, click URI_name

  4. Under WS-Security Properties, click Web services: server security bindings to add the collection certificate store to the server security bindings. If we do not see any entries, return to the assembly tool and configure the security extensions for the server. To configure the security extensions for the server, see the following topics:

  5. Click Edit under Request Receiver Binding to edit the server security bindings.

  6. Click Collection certificate store.

  7. Click a Certificate store name to edit an existing certificate store or click New to add a new certificate store name.

  8. Enter a name in the Certificate store name field. The name entered in this field is a name that is referenced in the Certificate store field on the Signing information configuration page.

  9. Leave the Certificate store provider field as IBMCertPath.

  10. Click Apply.

  11. Under Additional Properties, click X.509 Certificates > New.

  12. Enter the path to the certificate store. For example, the path might be: ${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer. If we have any additional certificate store paths to enter, click New and add the path names.

  13. Click OK.

 

Related tasks


Set the server-side collection certificate store using an assembly tool
Set the client-side collection certificate store
Set default collection certificate stores at the server level in the WAS admin console
Set the client for response digital signature verification: verifying the message parts
Set the client for response digital signature verification: choosing the verification method
Set the server for request digital signature verification: Verifying the message parts
Set the server for request digital signature verification: choosing the verification method
Secure Web services for V5.x applications using XML digital signature