WAS v8.5 > Develop applications > Develop web services - Security (WS-Security) > Configure Web Services Security during application assembly > Configure XML digital signature for v5.x web services with an assembly tool

Configure the client-side collection certificate store using an assembly tool

We can configure the client-side collection certificate store using the assembly tool. There is an important distinction between v5.x and v6 and later applications. The information in this article supports v5.x applications only used with WebSphere Application Server v6.0.x and later. The information does not apply to v6 and later applications.

A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs are used to check the signature of a digitally signed SOAP message.

We can configure the collection certificate either using an assembly tool or the WAS dmgr console. To configure the client-side collection certificate store using the assembly tool.

  1. Launch an assembly tool. For more information, see the related information on Assembly Tools.
  2. Switch to the Java EE perspective. Click Window > Open Perspective > J2EE.

  3. Click Application Client projects > application_name > appClientModule > META-INF.
  4. Right-click the application-client.xml file, select Open with > Deployment Descriptor Editor, and click the WS Binding tab, located at the bottom of deployment descriptor editor within the assembly tool. The Client Deployment Descriptor is displayed.

  5. Click the Port binding tab in deployment descriptor editor within the assembly tool. The web services client port binding window is displayed.

  6. Select one of the port-qualified name binding entries.

  7. Expand the Security response receiver binding configuration > certificate store list > Collection certificate store section.

  8. Click Add to create a new collection certificate store, click Edit to edit an existing certificate store, or click Remove to delete an existing certificate store.

  9. Enter a name in the Name field. This name is referenced in the Certificate store reference field in the Signing info dialog box.
  10. Leave the Provider field as IBMCertPath.

  11. Click Add to enter the path to your certificate store. For example, the path might be: ${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer. If we have additional certificate store paths, click Add to add the paths.

  12. Click OK when we finish adding paths.


Related concepts:

Development and assembly tools


Related


Configure the server-side collection certificate store using an assembly tool
Configure the client-side collection certificate store


+

Search Tips   |   Advanced Search