IBM provided information
The IBM-contributed content on this page is under construction. Feel free to add your comments to help us improve it.
To add a certificate to the WAS CE keystore you must use the Administration Console.
Make sure the server is running, and hit the Administration Console with a Browser.
For example: http://localhost:8080/console
The initial administrator credentials are:
Name = system
Password = manager
Click on the Keystores under the Security menu in the left navigation pane.
Next you must make the geronimo-default keystore editable. The default password for this is "secret"
Hit the "Add Trust Certificate" link.
Open the Base-64 certificate file that you previously exported in a text editor, and copy its entire contents. Then paste it into the Trusted Certificate input, and give it an alias name. When complete hit the Review Certificate button.
It may also be necessary to add the certificate to the JRE used by the WAS CE server. To do this, you will need to use the ikeyman tool, which can be found in the folder [WAS CE install location]/jre/bin. You can run the tool by clicking directly on the ikeyman executable file or by launching it from a command line. From the ikeyman tool open the "cacerts" database that is used by the JRE. The "cacerts" database is located in the [WAS CE install location]/jre/lib/security directory. You will need to specify a password to open the "cacerts" database. The default password is "changeit", but check with your System Administrator if it has been changed.
Press the "Open" button to display a list of certificates currently available in the "cacerts" key store.
Press the "Add" button to add the certificate that you previously exported.
Use the "Browse" button to select the certificate, and then verify that the proper Data type is selected. Press the "OK" button to add the certificate, which will now appear in the displayed list.
Exit the ikeyman tool, and restart the WAS CE server.