
Manage keystore configurations remotely

We can manage keystores remotely in a WebSphere Application Server, Network Deployment environment on separate machines. A node server can hold the configuration for a keystore, while the actual keystore resides on another system. After we set up a remotely managed configuration, we can perform all of the certificate and keystore operations for the keystore on the remote machine from the server containing the remote keystore configuration.

Keystores can be remotely managed only in Network Deployment environments.

Alternative method: To manage self-signed certificates using wsadmin, use the commands in the PersonalCertificateCommands group of AdminTask. For more information, see the PersonalCertificateCommands command group for AdminTask article.

Complete the following steps in the dmgr console:

  1. Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Key stores and certificates.

  2. Click New.

  3. Type a name in the Name field. This name uniquely identifies the keystore in the configuration.

  4. Type the location of the keystore file in the Path field. The location can be a file name or a file Uniform Resource Locator (URL) to an existing keystore file.

  5. Type the keystore password in the Password field. This password is for the keystore file that you specified in the Path field.

  6. Type the keystore password again in the Confirm Password field to confirm the password.

  7. Select a keystore type from the list. The type you select is for the keystore file that you specified in the Path field.

  8. Select the Remotely managed check box, and then fill in one or more host names of the systems where the keystore file is to be located. If you provide multiple host names, separate the host names with a pipe (|).

  9. Select any of the following optional selections:

    • The Read only selection creates a keystore configuration object but does not create a keystore file. If this option is selected, the keystore file that you specified in the Path field must already exist.
    • The Initialize at startup selection initializes the keystore during run time.

  10. Select Apply and Save.


Results

A keystore configuration object is created on the server where the command was run. The keystore file for the configuration will be created on each system that you specified in the host list.

Now, we can perform all certificate management operations on the keystore from the system where the keystore configuration resides. Examples include creating a self-signed certificate, extracting a certificate, or extracting a signer certificate.
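A scripted counterpart to the console steps above, as an added example that is not IBM's code: it builds the argument list for `AdminTask.createKeyStore` (KeyStoreCommands group, not mentioned on this page) and keeps the keystore password out of the script and out of any logged output. The keystore name, path, host names and password file are constructed, and it is an assumption that `-keyStoreHostList` (comma-separated) is the scripted equivalent of the Remotely managed host field.

```python
# Added example (not IBM's code). On the deployment manager:
#   wsadmin -lang jython -f create_remote_ks.py /path/to/password-file
import sys

def build_keystore_args(name, path, password, ks_type, hosts,
                        read_only='false', init_at_startup='false', scope=None):
    """Build the AdminTask.createKeyStore argument list for a remote keystore."""
    # The console field is pipe-separated; createKeyStore takes commas (assumed mapping).
    host_list = [h.strip() for h in hosts.split('|') if h.strip()]
    if not host_list:
        raise ValueError('a remotely managed keystore needs at least one host')
    if not (name and path and password):
        raise ValueError('name, path and password are required')
    args = ['-keyStoreName', name,
            '-keyStoreType', ks_type,
            '-keyStoreLocation', path,
            '-keyStorePassword', password,
            '-keyStorePasswordVerify', password,
            '-keyStoreIsFileBased', 'true',
            '-keyStoreReadOnly', read_only,
            '-keyStoreInitAtStartup', init_at_startup,
            '-keyStoreHostList', ','.join(host_list)]
    if scope:
        args.extend(['-scopeName', scope])
    return args

def redact(args):
    """Return a copy of args with password values masked, safe to log."""
    out = list(args)
    for i in range(len(out) - 1):
        if out[i] in ('-keyStorePassword', '-keyStorePasswordVerify'):
            out[i + 1] = '********'
    return out

try:
    AdminTask  # defined only inside wsadmin
except NameError:
    pass
else:
    f = open(sys.argv[0])  # wsadmin: argv[0] is the first script argument
    password = f.readline().strip()
    f.close()
    args = build_keystore_args('RemoteNodeKeyStore',            # constructed
                               '/opt/keys/node01-key.p12',      # constructed
                               password, 'PKCS12',
                               'node01.example.com|node02.example.com')
    print(' '.join(redact(args)))
    AdminTask.createKeyStore(args)
    AdminConfig.save()
```

Passing the arguments as a list rather than a single bracketed string avoids quoting problems when the password or path contains spaces.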


Related


Extracting a signer certificate from a personal certificate
Create a self-signed certificate


Reference:

PersonalCertificateCommands command group for AdminTask

