The Web Experience Factory Designer uses a secure transport to communicate with the WebSphere Application Server during the process of publishing a WEF project to a WebSphere-based test environment. The WEF Designer automatically manages the SSL certificates used for the transport.
When a new WebSphere Application Server is used in the publish configuration, the WEF Designer automatically accepts the SSL certificate presented by the WebSphere Application Server and installs the SSL certificate into the Designer's trust store.
On occasion, it may be necessary to manage the WEF Designer's trust store manually to explicitly add, update, or remove an SSL certificate. For example, if the WebSphere Application Server is using a self-signed certificate (a common configuration) and that certificate expires, the WEF Designer may not automatically accept the new certificate that WAS generates to replace it. Similarly, if the WebSphere Application Server is re-installed on the same host using the same installation parameters as a previous install, WAS generates a new self-signed certificate that doesn't match the previous version of the same certificate.
The WEF Designer stores these SSL certificates used for publishing in its trust store in the following path:
Designer/eclipse/plugins/com.bowstreet.designer.WASAdminClient_<version>/profile/etc/DummyClientTrustFile.jks
For older versions of WEF, the trust store can be found in a slightly different path:
Designer/eclipse/plugins/com.bowstreet.designer.JMXConnection_<version>/WAS6.1/etc/DummyClientTrustFile.jks
To manage the trust store, use the Java keytool command.
As an example, to locate and remove a certificate from the WEF Designer trust store, run the following commands:
This command lists the SSL certificates contained in the trust store:
keytool -list -v -keystore <path to DummyClientTrustFile.jks> -storetype JKS -storepass WebAS
This command removes an SSL certificate from the trust store. The certificate is identified by its alias, which you can obtain from the output of the first command:
keytool -delete -keystore <path to DummyClientTrustFile.jks> -storetype JKS -storepass WebAS -alias <certificate alias>
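The list-then-delete procedure above, as an added shell example that is not from the original page or from IBM: it picks out the aliases for a given host whose stored SHA256 fingerprint no longer matches the fingerprint you expect, and removes them after backing up the trust store. The function names, host names and shortened fingerprints are constructed for illustration; it assumes a keytool whose -list -v output includes a SHA256 fingerprint line and that the expected fingerprint was obtained from the server's administrator.

```shell
#!/bin/sh
# Added example (not IBM's code): find entries left by a regenerated WAS certificate.

# Reads `keytool -list -v` output on stdin. Prints each alias whose Owner CN is $1
# but whose SHA256 fingerprint differs from $2 (the fingerprint you expect).
stale_aliases() {
  awk -v cn="$1" -v fp="$2" '
    { sub(/\r$/, "") }                       # tolerate CRLF output on Windows
    /^Alias name: /   { alias = substr($0, 13); owner = "" }
    /^Owner: /        { owner = $0 "," }
    /^[ \t]*SHA256: / {
      sub(/^[ \t]*SHA256: /, "")
      if (index(owner, "CN=" cn ",") && toupper($0) != toupper(fp)) print alias
    }'
}

# Hypothetical helper: back up the trust store, then delete every stale alias.
# $1 = path to DummyClientTrustFile.jks, $2 = host CN, $3 = expected fingerprint
remove_stale() {
  cp -p "$1" "$1.bak" || return 1
  keytool -list -v -keystore "$1" -storetype JKS -storepass WebAS |
    stale_aliases "$2" "$3" |
    while IFS= read -r a; do
      keytool -delete -keystore "$1" -storetype JKS -storepass WebAS -alias "$a" </dev/null
    done
}

# Constructed sample of `keytool -list -v` output (host names and shortened
# fingerprints are made up) so stale_aliases can be tried without a trust store.
sample_listing() {
  cat <<'EOF'
Alias name: washost_old
Entry type: trustedCertEntry
Owner: CN=washost.example.com, OU=Cell01, O=IBM, C=US
Certificate fingerprints:
     SHA256: AA:BB:CC:DD:00:01

Alias name: washost_new
Owner: CN=washost.example.com, OU=Cell01, O=IBM, C=US
     SHA256: 11:22:33:44:EE:FF

Alias name: otherhost
Owner: CN=otherhost.example.com
     SHA256: 55:66:77:88:99:00
EOF
}

sample_listing | stale_aliases washost.example.com "11:22:33:44:ee:ff"
```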