+

Search Tips   |   Advanced Search

Set default collection certificate stores at the server level in the WAS admin console


We can define a single collection certificate store for all of the applications that need to use the same certificates. Use the WAS admin console to configure the default collection certificate store at the server level.

There is an important distinction between Version 5.x and V6 and later applications. The information in this article supports V5.x applications only that are used with WAS V6.0.x and later. The information does not apply to V 6.0.x and later applications.

A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collection of CA certificates and CRLs are used to check the signature of a digitally signed SOAP message. A certificate store typically refers to a certificate store located in the file system. The location of the certificate store can vary from machine to machine, so we might configure a default collection certificate store for a specific machine and reference it from within the signing information. The signing information is found within the binding configurations of any application installed on the machine. This suggestion enables you to define a single collection certificate store for all of the applications that need to use the same certificates. We also can specify the default binding information at the cell level.

Complete the following steps to configure the default collection certificate store at the server level using the WAS admin console:

 

  1. Connect to the admin console.

    You can access the admin console by typing http://localhost:port_number/ibm/console in your Web browser unless we have changed the port number.

  2. Click Servers > Server Types > WebSphere application servers > server_name.

  3. Under Security, click JAX-WS and JAX-RPC security runtime.

    In a mixed node cell with a server using Websphere Application Server version 6.1 or earlier, click Web services: Default bindings for WS-Security

  4. Under Additional properties, click Collection certificate store.

  5. Enter a name in the Certificate store name field.

    This name is referenced in the Certificate store field on the Signing information configuration page.

  6. Leave the Certificate store provider field value as IBMCertPath.

  7. Click Apply.

  8. Under Additional properties, click X.509 certificates > New.

  9. Enter the path to the certificate store. For example, the path might be: ${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer.

    If we have any additional certificate store paths to enter, click New and add the path names.

  10. Click OK.

 

Related concepts


Collection certificate store

 

Related tasks


Set default collection certificate stores at the cell level in the WAS admin console
Set the server-side collection certificate store using an assembly tool
Set the client-side collection certificate store
Set the server-side collection certificate store
Secure Web services for V5.x applications using XML digital signature