Configure SSL on the application server

Set up the application server to enable SSL communication between IBM Security Identity Manager and the directory server.

The topic guides you through the configuration of SSL using the default cacerts file provided by the Java SDK. Take note that this cacerts file is likely to be overwritten each time the Java SDK is upgraded or a fix pack is applied. To save your settings, backup the cacerts file before you upgrade the Java SDK and then restore the file after upgrade is completed. Otherwise, we can store the certificates in a different keystore file that is not the default cacerts file.

1. Log on to the IBM Security Identity Manager virtual appliance console.

2. From the top-level menu of the Appliance Dashboard, click...
   Configure > Advanced Configuration > Application Server Certificate Management

   The Application Server SSL Certificate page displays the certificate details.

3. Click Update to open the Upload Keystore window.

4. Click Browse to search and select the certificate to import. The File field is populated with the certificate name. For example, appserver.jks.

5. Enter the password for the certificate in the Keystore Password field.

6. From the Keystore Type list, select a type that specifies the keystore.
   • CMSKS
   • JCEKS
   • JKS
   • PKCS11
   • PKCS12

7. Click Save Configuration. The application server SSL certificate configuration takes some time. Do not refresh or close the page. Wait for the configuration process to complete.

Parent topic: Secure communication with supported middleware