IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Adding the directory server SSL certificate to WebSphere Application Server

If the directory server connection is SSL enabled, you must add the certificates from the directory server to WebSphere® Application Server. Retrieving the certificate ensures that you can establish a connection between the directory server and WebSphere Application Server. Ensure that the SSL connection is successful before you configure the IMS Server for directory servers.

Before you begin

About this task

This task applies only to directory servers with SSL enabled.

Procedure

  1. Log on to the WebSphere Application Server administrator console.
  2. In the navigation panel, click Security > SSL certificate and key management.
  3. Under Related Items, click Key stores and certificates.
  4. Open the truststore.
    For stand-alone deployments
    Click NodeDefaultTrustStore.
    For network deployments
    Click CellDefaultTrustStore.
  5. Under Additional Properties, click Signer Certificates.
  6. Click Retrieve from port.
  7. Specify the following fields:
    Host
    Type the host name, IP address, or fully qualified domain name of the directory server.
    Port
    Type the SSL port number for the directory server. The typical SSL port number is 636.
    Alias
    Type the certificate alias name to reference the signer in the configuration. For example: myldap1
  8. Click Retrieve signer information. The SSL signer information is displayed.
  9. Click OK.
  10. In the Messages box, click Save.
  11. For network deployment, resynchronize the nodes.
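
Retrieve from port trusts whatever certificate the host presents on that port, so compare the directory server's certificate with a fingerprint supplied by the directory administrator before you click OK in step 9. The following Python script is an added example, not part of the IBM documentation; the host name ldap.example.com and the sample certificate bytes are constructed placeholders, and the script checks the server's own certificate, which can differ from a CA signer shown in the console.

```python
import hashlib
import hmac
import ssl
import sys

# Constructed placeholder bytes, not a real certificate; used only for offline checks.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed sample, not a real certificate")


def fingerprints(pem):
    """Return hex SHA-1 and SHA-256 digests of the DER form of a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return {alg: hashlib.new(alg, der).hexdigest() for alg in ("sha1", "sha256")}


def normalize(fingerprint):
    """Accept 'AA:BB:..' or 'aabb..' and return lowercase hex without separators."""
    cleaned = fingerprint.replace(":", "").replace(" ", "").lower()
    if not cleaned or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("fingerprint must be hexadecimal")
    return cleaned


def matches(pem, expected):
    """Compare a certificate with a fingerprint obtained out of band."""
    want = normalize(expected)
    alg = {40: "sha1", 64: "sha256"}.get(len(want))
    if alg is None:
        raise ValueError("expected a SHA-1 (40 hex) or SHA-256 (64 hex) fingerprint")
    return hmac.compare_digest(fingerprints(pem)[alg], want)


def fetch_pem(host, port=636):
    """Fetch the certificate the server presents; no chain validation is done here."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    # Usage: python check_signer.py ldap.example.com 636 <fingerprint from the admin>
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    pem = fetch_pem(host, port)
    for alg, digest in fingerprints(pem).items():
        print(alg, digest)
    ok = matches(pem, expected)
    print("MATCH" if ok else "MISMATCH: do not add this signer")
    sys.exit(0 if ok else 1)
```

Run it from the WebSphere Application Server host so that it sees the same network path to the directory server that the console uses.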

