
Add the DataPower signer certificate to the WAS default truststore to enable an SSL connection

When a DataPower appliance is configured with security enabled, the signer certificate of the DataPower server must be added to the WebSphere Application Server (WAS) default truststore so that WAS can make an SSL connection to the DataPower server.

We can add the signer certificate of the DataPower server to the WAS default truststore to enable an SSL connection using the administrative console or using the addSignerCertificate wsadmin command.

The DataPower signer certificate should be installed in the DataPower-root-ca-cert.pem file under the deployment manager's profile, in the WAS_HOME/profiles/<DMGR profile>/etc directory.


Tasks

  1. From the administrative console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Add signer certificate.

  2. In the Alias box, enter an alias name to identify the DataPower signer certificate.

  3. In the File name box, enter the full path to the DataPower-root-ca-cert.pem file.

  4. Click Apply and Save.

    Alternatively, we can use the addSignerCertificate wsadmin command to add the DataPower signer certificate to the WAS default truststore. Enter the following as a single line:

    wsadmin> AdminTask.addSignerCertificate('[-keyStoreName CellDefaultTrustStore -certificateFilePath c:/wasHomeDir/profiles/Dmgr01/etc/DataPower-root-ca-cert.pem -certificateAlias datapower ]')
    

    If the DataPower-root-ca-cert.pem certificate file is not installed on the system, we can retrieve the DataPower certificate from the port using the administrative console:

    1. Click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.

    2. In the Host box, enter the DataPower server hostname.

    3. In the Port box, enter the port of the DataPower server.

    4. In the Alias box, enter an alias name to identify the DataPower signer certificate.

    5. Click Retrieve signer information.

    6. Verify that the certificate information is correct, then click Apply and Save.
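
A signer retrieved from a port is trusted on the strength of whatever answered on that port, so the verification in step 6 is best done against a copy of the DataPower certificate obtained separately. The following is an added example, not part of the original page or of WAS: it checks a fingerprint copied from the retrieval panel against every certificate in a trusted PEM file. The function names and the SHA-256 default are assumptions; pass algorithm="sha1" if the panel shows a SHA-1 digest.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text, algorithm="sha256"):
    """Return the hex digest of every certificate in a PEM file, in file order."""
    digests = []
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        digests.append(hashlib.new(algorithm, der).hexdigest())
    return digests

def normalize(displayed):
    """Drop separators and case from a fingerprint copied from a console."""
    return re.sub(r"[^0-9a-fA-F]", "", displayed).lower()

def signer_matches(pem_text, displayed, algorithm="sha256"):
    """True only if the displayed fingerprint equals a certificate in the PEM."""
    wanted = normalize(displayed)
    if len(wanted) != hashlib.new(algorithm).digest_size * 2:
        return False  # truncated or wrong-algorithm value: refuse, do not guess
    return any(hmac.compare_digest(wanted, fp)
               for fp in pem_fingerprints(pem_text, algorithm))

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <trusted pem file> <fingerprint>
        with open(sys.argv[1]) as handle:
            ok = signer_matches(handle.read(), sys.argv[2])
    else:  # constructed sample: placeholder bytes, not a real certificate
        der = b"constructed sample, not a real certificate"
        pem = ("-----BEGIN CERTIFICATE-----\n"
               + base64.encodebytes(der).decode()
               + "-----END CERTIFICATE-----\n")
        shown = hashlib.sha256(der).hexdigest().upper()
        ok = signer_matches(
            pem, ":".join(shown[i:i + 2] for i in range(0, 64, 2)))
    print("MATCH" if ok else "MISMATCH: do not add this signer")
    sys.exit(0 if ok else 1)
```

A mismatch means the certificate offered on the port is not the one in the trusted file, so the signer should not be saved until the difference is explained.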


Related:

  • Secure Socket Layer communication with DataPower