You can manage keystores remotely in a WebSphere® Application Server Network Deployment environment on separate machines. A node server can hold the configuration for a keystore, while the actual keystore resides on another system. After you set up a remotely managed configuration, you can perform all of the certificate and keystore operations for the keystore on the remote machine from the server that contains the keystore remote configuration.
Before you begin
Key stores can be remotely managed only in network deployed environments.
Alternative Method: To manage self-signed certificates by using the wsadmin tool, use the PersonalCertificateCommands group commands of the AdminTask object. For more information, see the PersonalCertificateCommands command group for the AdminTask object article.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Key stores and certificates.
- Click New.
- Type a name in the Name field.
  This name uniquely identifies the keystore in the configuration.
- Type the location of the keystore file in the Path field.
  The location can be a file name or a file Uniform Resource Locator (URL) to an existing keystore file.
- Type the keystore password in the Password field.
  This password is for the keystore file that you specified in the Path field.
- Type the keystore password again in the Confirm Password field to confirm the password.
- Select a keystore type from the list.
  The type you select is for the keystore file that you specified in the Path field.
- Select the Remotely managed check box, and then fill in one or more host names of the systems where the keystore file is to be located. If you provide multiple host names, separate the host names with a pipe (|).
- Select any of the following optional selections:
  - The Read only selection creates a keystore configuration object but does not create a keystore file. If this option is selected, the keystore file that you specified in the Path field must already exist.
  - The Initialize at startup selection initializes the keystore during run time.
- Select Apply and Save.
Results
A keystore configuration object is created on the server from which the command was run. The keystore file for the configuration will be created on each system that you specified in the host list.
What to do next
Now, you can perform all certificate management operations on the keystore from the system where the keystore configuration resides. For example, you can perform certificate management operations, such as: creating a self-signed certificate, extracting a certificate, or extracting a signer certificate.