+

Search Tips   |   Advanced Search

Create a CA client in SSL

A plug point is provided to allow users to connect to a certificate authority (CA) to request, query, and revoke certificates. A security configuration object, called a CAClient, must be created for WebSphere to communicate with the CA. The CAClient object must contain a WSPKIClient() implementation, and it will handle the connection and communicate with the CA server. Users can also create there own implementation.

The WSPKIClient interface must be implemented and the class name provided as part of the CAClient when it is created.

We use the administrative console to create a new CA client.


Tasks

  1. Click Security > SSL certificate and key management.

  2. Click Certificate Authority (CA) client configurations. A panel of existing CA clients appears.

  3. Click New to create a new CA client in the configuration.

    We can also create a CA client using the createCAClient AdminTask .

  4. Enter the following information for the CA client

    • Name of the CA client.

    • The management scope (selected from the drop-down list).
    • WSPKIClient implementation class.
    • CA server host name.

    • User name.
    • Password.
    • Confirm of password.
    • Number of times to poll.
    • Polling interval (in minutes) when requestin certificates.
    • Custom properties.

  5. Click Apply then OK.

The information in the object can then be used by the runtime to connect to a CA to create, revoke, or replace a certificate.

  • Secure communications
  • Developing the WSPKIClient interface for communicating with a certificate authority
  • CAClientCommands