WebSphere

 

Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

 

Enable SSL connections to an Exchange server for the Common PIM portlets

You allow Common Mail or Common Calendar to connect to an Exchange server over the WebDAV protocol with a secure SSL (HTTPS) connection by modifying the WebSphere Portal Express JVM to accept the Exchange server's SSL certificate and using the IBM Key Management Utility to make the certificate available to the Portal.

 

Modifying the Portal JVM to accept the Exchange server's SSL certificate

In order to use SSL features with the mail or calendar portlet, the JVM for WebSphere Portal Express Server must be informed that it should accept the Exchange server's SSL certificate. To do this you need to have the certificate from the Exchange server available. The certificate can be obtained in a number of ways. The best way to obtain it is to ask the Exchange administrator to send it to you.

 

Using the IBM Key Management Utility to make the certificate available to Portal

To make the Exchange server's SSL certificate available to WebSphere Portal Express, use the IBM Key Management Utility (IKeyMan) supplied by WebSphere Application Server to import the certificates into the necessary Java Key Store (.jks) format key storage files. Note that the WebSphere Application Server-supplied IKeyMan tool is not the same as other key management tools, even though the user interface may be very similar. IKeyMan supports the Java Key Store file formats necessary for WebSphere Application Server and WebSphere Portal Express, whereas other key management tools may not. See the WebSphere Application Server documentation for details about how to use this tool.

This is a brief overview of the steps to perform:

  1. Start IKeyMan, which is located in was_profile_root/bin, by issuing the ikeyman.exe or ikeyman.sh command from the command line (depending on your operating system).

  2. Open the was_root/java/jre/lib/security/cacerts file. By default, the password for this file is changeit.

  3. Select Signer Certificates, and then click Add.

  4. Select Base64-encoded ASCII data as the data type, and browse to the certificate file of the Exchange server's SSL certificate. You may have to rename the certificate file so that the file extension matches the extension that IKeyMan is looking for (.arm).

  5. Specify a label for the new certificate.

  6. Restart WebSphere Application Server and WebSphere Portal Express.

 

Parent topic:

Using the Common PIM portlets with Exchange

 

Next topic

Using the Common PIM portlets with Exchange and Java 2 security