Before you begin
Before you complete this procedure, ensure that IBM HTTP Server is configured to support SSL. For more information, see Configuring IBM HTTP Server for SSL.
About this task
To establish trusted communication between IBM HTTP Server and a web browser, import signer certificates from WebSphere® Application Server.
There are different types of certificates that you can use. This procedure describes how to import the self-signed certificate that is shipped with WebSphere Application Server. You can also import a certificate that you purchased from a third-party Certificate Authority, or create a new self-signed certificate.
To import a public WebSphere Application Server certificate into the IBM HTTP Server plug-in, complete the following steps:
- Copy the plugin-key.kdb file from the ibm_http_server_root/Plugins/config/webserver1 directory to the app_server_root/profiles/AppSrv01/config/cells/cell_name/nodes/node_name/servers/webserver_name directory.
  where cell_name, node_name, and webserver_name are the names of your WebSphere Application Server cell, the node that you are configuring, and your web server.
- Log in to the IBM WebSphere Application Server Integrated Solutions Console and select Security -> SSL Certificate and key management -> Key stores and certificates.
- Click CellDefaultKeyStore.
- Click Personal Certificates.
- Select the check box beside the default certificate and click Extract.
- Enter a fully-qualified Certificate file name. If you do not specify a directory path, the certificate is stored in the app_server_root/profiles/profile_name/etc directory, where profile_name is the name of the current WebSphere Application Server profile.
- Click OK to extract the file.
- In the IBM WebSphere Application Server Integrated Solutions Console, select Servers -> Server Types -> Web servers.
- Click webserver_name, where webserver_name is the name of your IBM HTTP Server web server.
- Click Plug-in properties and then click Manage keys and certificates.
- Under Additional Properties, click Signer certificates and then click Add.
- Enter the certificate Alias and its fully-qualified File name and then click OK.
- Click Save to import the file.
- In the IBM WebSphere Application Server Integrated Solutions Console, select Servers -> Server Types -> Web servers -> webserver_name -> Plug-in properties.
- Click Copy to web server key store directory to synchronize the KDB file with IBM HTTP Server.
- To apply the changes, restart IBM HTTP Server.
If your configuration changes are not successful, ensure that you have applied the instructions to configure a default personal certificate.
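A check that can be run on the extracted file between the Extract and Add steps, given here as an added example that is not part of the IBM documentation: it confirms that the file parses as a certificate in either Base64 (PEM) or binary DER encoding, prints its SHA-256 fingerprint so that the same value can be compared after the import, and checks that the certificate is self-issued and not expired. It assumes the openssl command is available; the function names, file names, and the sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks on a certificate file before it is added as a signer.
# Requires the openssl command-line tool; names and sample data are constructed.

# Print PEM or DER for a parseable certificate file; fail on anything else.
cert_form() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        form=PEM
    else
        form=DER
    fi
    openssl x509 -in "$1" -inform "$form" -noout 2>/dev/null && echo "$form"
}

# SHA-256 fingerprint (colon-separated hex), the same for either encoding.
cert_fingerprint() {
    form=$(cert_form "$1") || return 1
    openssl x509 -in "$1" -inform "$form" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Succeeds when subject and issuer names match, as in a self-signed certificate.
cert_is_self_issued() {
    form=$(cert_form "$1") || return 1
    s=$(openssl x509 -in "$1" -inform "$form" -noout -subject_hash)
    i=$(openssl x509 -in "$1" -inform "$form" -noout -issuer_hash)
    [ "$s" = "$i" ]
}

# Succeeds when the notAfter date has not passed yet.
cert_not_expired() {
    form=$(cert_form "$1") || return 1
    openssl x509 -in "$1" -inform "$form" -noout -checkend 0 >/dev/null
}

# Constructed sample standing in for the file produced by the Extract step.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=constructed-sample.example" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/extracted.cer"
echo "encoding:    $(cert_form "$demo_dir/extracted.cer")"
echo "sha256:      $(cert_fingerprint "$demo_dir/extracted.cer")"
cert_is_self_issued "$demo_dir/extracted.cer" && echo "self-issued: yes"
cert_not_expired "$demo_dir/extracted.cer" && echo "expired:     no"
rm -rf "$demo_dir"
```

A certificate purchased from a third-party Certificate Authority fails the self-issued check, which is expected for that certificate type.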
What to do next
file allows the proxy to work with self-signed certificates. For improved security, set the value of the unsigned_ssl_certificate_support property to false when your deployment is ready for production.