WAS v8.5 > Secure applications > Secure web services > Secure web services > Administer Web Services Security > Configure XML digital signature for v5.x web services with the dmgr console

Configure the client-side collection certificate store

We can configure the client-side collection certificate store using the dmgr console. There is an important distinction between v5.x and v6 and later applications. The information in this article supports v5.x applications only used with WebSphere Application Server v6.0.x and later. The information does not apply to v6 and later applications.

A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs are used to check the signature of a digitally signed SOAP message.

We can configure the collection certificate either using the assembly tools or the WAS dmgr console. To configure the client-side collection certificate store using the dmgr console.

1. Connect to the WAS dmgr console.

   We can connect to the dmgr console by typing http://localhost:port_number/ibm/console in the web browser unless we have changed the port number.

2. Click Applications > Application Types > WebSphere enterprise applications > application_name.

3. Under Manage modules, click URI_name.

4. Under Web Services Security Properties, click Web services: Client security bindings to add the collection certificate store to the client security bindings. If we do not see any entries, return to the assembly tool and configure the security extensions for either the client or the server.

   To configure the security extensions for the client, see the following topics:

   • Configure the client for response digital signature verification: verifying the message parts
   • Configure the client for response digital signature verification: choosing the verification method

5. Under Response receiver binding, click Edit to edit the client security bindings.

6. Click Collection certificate store.

7. Click a Certificate store name to edit an existing certificate store or click New to add a new certificate store name.

8. Enter a name in the Certificate store name field. The name entered in this field is a name referenced in the Certificate store field on the Signing information configuration page.
9. Leave the Certificate store provider field value as IBMCertPath.

10. Click Apply.

11. Under Additional properties, click X.509 certificates > New.

12. Enter the path to your certificate store. For example, the path might be: ${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer. If we have any additional certificate store paths to enter, click New and add the path names.

13. Click OK.

Related concepts:

Collection certificate store

Related

Configure the server-side collection certificate store
Configure the server-side collection certificate store using an assembly tool
Configure the client for response digital signature verification: verifying the message parts
Configure the client for response digital signature verification: choosing the verification method
Configure the server for request digital signature verification: Verifying the message parts
Configure the server for request digital signature verification: choosing the verification method

+

Search Tips   |   Advanced Search