Configure the client-side collection certificate store using an assembly tool
We can configure the client-side collection certificate store using the assembly tool.
Important: There is an important distinction between Version 5.x and Version 6 and later applications. The information supports Version 5.x applications only used with WAS v6.0.x and later. The information does not apply to Version 6 and later applications.
A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs are used to check the signature of a digitally signed SOAP message.
We can configure the collection certificate either by using an assembly tool or the WAS administrative console. Complete the following steps to configure the client-side collection certificate store using the assembly tool.
- Launch an assembly tool. For more information, see the related information on Assembly Tools.
- Switch to the Java EE perspective. Click Window > Open Perspective > J2EE.
- Click Application Client projects > application_name > appClientModule > META-INF.
- Right-click the application-client.xml file, select Open with > Deployment Descriptor Editor, and click the WS Binding tab, which is located at the bottom of deployment descriptor editor within the assembly tool. The Client Deployment Descriptor is displayed.
- Click the Port binding tab in deployment descriptor editor within the assembly tool. The web services client port binding window is displayed.
- Select one of the port-qualified name binding entries.
- Expand the Security response receiver binding configuration > certificate store list > Collection certificate store section.
- Click Add to create a new collection certificate store, click Edit to edit an existing certificate store, or click Remove to delete an existing certificate store.
- Enter a name in the Name field. This name is referenced in the Certificate store reference field in the Signing info dialog box.
- Leave the Provider field as IBMCertPath.
- Click Add to enter the path to your certificate store. For example, the path might be: ${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer. If we have additional certificate store paths, click Add to add the paths.
- Click OK when you finish adding paths.
Related concepts
Development and assembly tools
Related tasks
Configure the server-side collection certificate store using an assembly tool Configure the client-side collection certificate store using the administrative console Configure default collection certificate stores at the server level in the WAS administrative console