WAS v8.5 > Secure applications > Secure communications

Add a signer certificate to a keystore

Signer certificates establish the trust relationship in SSL communication. We can extract the signer part of a personal certificate from a keystore, and then we can add the signer certificate to other keystores.

The keystore to add the signer certificate to must already exist.

Alternative Method: To add a signer certificate to a keystore using wsadmin, use the addSignerCertificate command of AdminTask.

If the security custom property com.ibm.websphere.security.OverwriteAndReplaceOnImport is set to true then import certificate imports a certificate and overwrites an existing certificate. It then perform the certificate replace operation on that certificate. Typically, an existing certificate cannot be overwritten by a certificate that is being imported. The task also replaces all signer certificates from the original certificate and replaces them with the signer certificate from the new certificate that is being imported

Complete the following steps in the dmgr console:

  1. Click...

      Security | SSL certificate and key management | Manage endpoint security configurations | Inbound | Outbound | ssl_configuration | Key stores and certificates | keystore | Signer certificates | Add

  2. Enter an alias for the signer certificate in the Alias field

  3. Enter the full path to the signer certificate file in the File name field.

  4. Select a data type from the list in the Data type field.

  5. Click Apply.


Results

When these steps are completed, the signer from the certificate file is stored in the keystore. We can see the signer in the keystore files list of signer certificates. Use the keystore to establish trust relationships for the SSL configurations.


Subtopics


Related concepts:
Keystore configurations for SSL
Extracting a signer certificate from a personal certificate
SignerCertificateCommands command group for AdminTask


+

Search Tips   |   Advanced Search