Before you begin
Before you complete this procedure, ensure that IBM
HTTP Server is configured to support SSL. For more information, see the Configuring IBM HTTP Server for SSL
This topic describes the procedure to configure certificates in a deployment with one webserver.
About this task
To establish trusted server to server communication for IBM
Connections, import signer certificates from IBM
HTTP Server into the WebSphere
Application Server default trust store.
There are different types of certificates that you can use. This procedure describes how to import a self-signed certificate. You can also import a certificate that you purchased from a third-party Certificate Authority. To help decide a key file strategy for your environment, go the IBM HTTP Server information center
To import a public certificate from IBM
HTTP Server to the default trust store in IBM WebSphere
Application Server, complete the following steps:
- Log into the IBM WebSphere Application Server Integrated Solutions Console and select Security -> SSL Certificate and key management -> Key stores and certificates.
- Click CellDefaultTrustStore.
- Click Signer Certificates.
- Click Retrieve from port.
- Enter the Host name, SSL Port, and Alias of the webserver.
- Click Retrieve Signer Information and then click OK. The root certificate is added to the list of signer certificates.
If your configuration changes aren't successful, ensure that you have applied the instructions to configure a default personal certificate.
What to do next
Verify that users can create a private community and add other widgets, such as Activities, Blogs, Dogear, and so on, to it. Ensure that there are no errors when these widgets are added. If problems are reported, consult the Communities SystemOut.log
file allows a proxy to work with self-signed certificates. This is true for an out-of-the-box deployment but for improved security you should set the value of the unsigned_ssl_certificate_support
property to false when your deployment is ready for production.
Ensure that you are ready to renew your certificate before it expires. WebSphere
Application Server provides a utility for monitoring certificates. For more information, go to the Configuring certificate expiration monitoring
topic in the WebSphere
Application Server information center.
Parent topic: Configuring IBM HTTP Server
Previous topic: Configuring IBM HTTP Server for SSL
Next topic: Determining which files to compress
Configuring IBM HTTP Server for SSL