Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure communications
Add a signer certificate to a keystore
Signer certificates establish the trust relationship in SSL communication. We can extract the signer part of a personal certificate from a keystore, and then you can add the signer certificate to other keystores. The keystore to add the signer certificate to must already exist.
Alternative Method: To add a signer certificate to a keystore by using wsadmin, use the addSignerCertificate command of the AdminTask object. See the SignerCertificateCommands command group article.
If the security custom property com.ibm.websphere.security.OverwriteAndReplaceOnImport is set to true then import certificate imports a certificate and overwrites an existing certificate. It then perform the certificate replace operation on that certificate. Typically, an existing certificate cannot be overwritten by a certificate that is being imported. The task also replaces all signer certificates from the original certificate and replaces them with the signer certificate from the new certificate that is being imported Complete the following steps in the admin console:
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security configurations > Inbound | Outbound > ssl_configuration > Key stores and certificates.
- Select a keystore from the list of keystores.
- Click Signer certificates.
- Click Add.
- Enter an alias for the signer certificate in the Alias field
- Enter the full path to the signer certificate file in the File name field.
- Select a data type from the list in the Data type field.
- Click Apply.
Results
When these steps are completed, the signer from the certificate file is stored in the keystore. We can see the signer in the keystore files list of signer certificates. Use the keystore to establish trust relationships for the SSL configurations.
Related
Add signer certificate settings
Signer certificates collection
Signer certificate settings
Keystore configurations for SSL
Extract a signer certificate from a personal certificate
Related
SignerCertificateCommands command group