Download a certificate authority's (CA) root certificate. After you download the certificate, you must add it to the WebSphere® Application Server truststore. For connections to AOL, download the Equifax Secure CA because this certificate is used by both communities. For connections to XMPP communities, you must determine what root certificate, if any, is being used, and then check to see if WebSphere Application Server already recognizes the certificate, and, if necessary, download and add the certificate to your truststore.
About this task
XMPP communities are free to use either a TLS/SSL or TCP connection, so a certificate may not be needed. If the XMPP community is using TLS/SSL, the root certificate CA may already be in the WebSphere Application Server truststore. If not, you must obtain it.
- To obtain the same certificate used by AOL:
  - Go to http://www.geotrust.com/resources/root_certificates/index.asp and download the Equifax Secure Certificate Authority.
    - In the list of certificates, navigate to the following:
      All other SSL certificates except for Quick SSL:
      Equifax Secure Certificate Authority
    - Select the following download:
      Download - Equifax Secure Certificate Authority (Base-64 encoded X.509)
  - Add this root CA to your WebSphere Application Server truststore (see next step in setting up SSL).
  - AOL users require additional certificates:
    - Navigate to https://pki-info.aol.com/AOL/ and download both the "America Online Root CA 1" certificate and the "America Online Root CA 2" certificate.
    - Navigate to https://pki-info.aol.com/AOLMSPKI/index.html and download the "AOL Member CA" certificate.
- To obtain a root certificate used by an XMPP community:
  - Check with the XMPP community to determine which trusted certificate authority they are using.
  - Determine if WebSphere Application Server supports the certificate.
    - If the certificate is recognized, there's nothing more to do on this step.
    - If the certificate is not recognized, obtain the certificate from the CA and add it to your truststore (see next step in setting up SSL).
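One way to check whether a downloaded Base-64 (PEM) root is already in the truststore is to compare SHA-256 fingerprints against a PEM export of the truststore's signer certificates. This is an added example, not IBM's code; the function names are hypothetical and the sample blocks are constructed placeholder bytes rather than real certificates, since the code only hashes the DER payload and does not parse X.509.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def der_certs(pem_text):
    """Return the DER bytes of every certificate block in a PEM file."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]

def fingerprint(der):
    """SHA-256 fingerprint in the colon-separated form keytool prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def missing_roots(downloaded_pem, truststore_pem):
    """Fingerprints of downloaded certificates absent from the truststore export."""
    trusted = {fingerprint(d) for d in der_certs(truststore_pem)}
    found = der_certs(downloaded_pem)
    if not found:
        # An HTML error page or DER file saved as .pem lands here.
        raise ValueError("no certificate block in downloaded file")
    return [fp for fp in map(fingerprint, found) if fp not in trusted]

def to_pem(der):
    """Wrap bytes in PEM armor (used only to build the constructed samples)."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed placeholder payloads standing in for DER-encoded roots.
ROOT_A = b"constructed-root-A" * 8
ROOT_B = b"constructed-root-B" * 8
ROOT_C = b"constructed-root-C" * 8
TRUSTSTORE_EXPORT = to_pem(ROOT_A) + to_pem(ROOT_B)  # assumed PEM export

if __name__ == "__main__":
    for name, der in (("root A", ROOT_A), ("root C", ROOT_C)):
        gaps = missing_roots(to_pem(der), TRUSTSTORE_EXPORT)
        print(name, "already trusted" if not gaps else "must be added: " + gaps[0])
```

The same fingerprint can be compared with the value the CA publishes before the certificate is added to the truststore.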
What to do next
If for any reason the root certificate authority for an instant messaging community changes or you add an additional instant messaging community to your Sametime Gateway, you must explicitly add the new root CA to your WebSphere Application Server truststore.