X.509 certificate configuration settings

Use this page to specify a list of untrusted, intermediate certificate files. This collection certificate store is used for certificate path validation of incoming X.509-formatted security tokens.

To view the administrative console panel for the collection certificate store on the cell level, complete the following steps:

  1. Click Security > Web services.

  2. Under additional properties, click Collection certificate store.

  3. Click the name of a configured collection certificate store or create a new collection certificate store first.

  4. Under Additional properties, click X.509 certificates.

  5. Specify a new X.509 certificate path by clicking New or by clicking the X.509 certificate path to modify its settings.

To view the administrative console panel for the collection certificate store on the server level, complete the following steps:

  1. Click Servers > Application servers > servername.

  2. Under Security, click Web services: Default bindings for Web services security.

  3. Under Additional properties, click Collection certificate store.

  4. Click the name of a configured collection certificate store or create a new collection certificate store first.

  5. Under Additional properties, click X.509 certificates.

  6. Specify a new X.509 certificate path by clicking New or by clicking the X.509 certificate path to modify its settings.

To view this administrative console page for an X.509 certificate on the application level, complete the following steps:

  1. Click Applications > Enterprise applications > appname.

  2. Under Related items, click EJB modules or Web modules > URI_name.

  3. Under Additional properties, one can access collection certificate stores for the following bindings:

  4. Under Additional properties, one can access the collection certificate stores for the following bindings.

  5. Click the name of a configured collection certificate store or create a new collection certificate store first.

  6. Under Additional properties, click X.509 certificates.

  7. Specify a new X.509 certificate path by clicking New or click the X.509 certificate path to modify its settings.

X.509 Certificate Path

Specifies the absolute path to the location of the X.509 certificate.

As shown in the following example, use the USER_INSTALL_ROOT variable as part of the path name: {USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer. This X.509 certificate path is not for production use. Obtain your own X.509 from a certificate authority before putting your WebSphere Application Server environment into production.

One can configure the USER_INSTALL_ROOT variable in the administrative console by clicking Environment > WebSphere Variables.


 

Related Tasks


Manage digital certificates