Sample Use Case: Adding a PEM Certificate with key into IBM Connect:Direct Web Service Keystore

Follow the procedure below to add a PEM-formatted (.crt) certificate to the Web Service Keystore.

With v6.1, IBM® Connect:Direct® Web Service extends its web console capabilities to support Keystore/Truststore management. For a UI walk-through on how to add a PEM certificate into the IBM Connect:Direct Web Service Keystore, see IBM MediaCenter.

Ensure that you've installed OpenSSL before you begin configuring the Keystore/Truststore. OpenSSL 3.0.0 and later releases derived from it are covered by the Apache License v2. Releases made before OpenSSL 3.0.0 are covered by the dual OpenSSL and SSLeay license.

  1. Obtain the PEM-encoded certificate.
  2. Execute the following OpenSSL command to create a PKCS12 (.p12) file. The administrator is prompted to enter the key.pem pass phrase if the key is encrypted.

    openssl pkcs12 -export -name <Certificate_Alias_Name> -in <PEM_Certificate> -inkey <key.pem> -out <Keystore_NAME>.p12
    Enter pass phrase for key.pem:
    Enter Export Password:
    Verifying - Enter Export Password:
  3. Execute the following command to import the CA-signed certificate into the IBM Connect:Direct Web Service Keystore.
    keytool -importkeystore -srckeystore <sourceKeystore> -destkeystore <CDWS_Keystore> -deststorepass <CDWS_KeystorePassword> -deststoretype jks -alias <Certificate_Alias_Name> -srcstorepass <sourceKeystorePassword> -srcstoretype pkcs12
  4. Edit the application.properties file and set the server.ssl.key-alias property to <Certificate_Alias_Name>, the alias to be used by Connect:Direct Web Services.
  5. Execute the ChangeKeystoreTruststoreAndUpdatePassword.jar file available at mftws/BOOT-INF/classes.
    java -jar ChangeKeystoreTruststoreAndUpdatePassword.jar 
    
    Enter Admin Password:
    Please Select from below options:
    1. Type K and Enter to Change Keystore OR Sync Keystore Password with CDWS.
    2. Type T and Enter to Change Truststore OR Sync Truststore Password with CDWS.
    3. Type C and Enter to Sync Key Certificate Password with CDWS.
    4. Type Q and Enter to Exit.
    Enter your Choice: K
    Enter the complete path of Keystore: (including fileName(.jks)):
    Enter Keystore Password:
    Confirm Password:
    Keystore details updated successfully
    Press Y to Continue OR Q to Exit:Q
    Exiting the Utility.
    
  6. Depending on your environment type, issue one of the following commands:
    • In Windows, stop and start MFTWebservices from the Task Manager for the changes to take effect.
    • In UNIX, issue the following commands to stop and start MFTWebServices for the changes to take effect.
    % ./$CDWS_INSTALLATION_DIR$/bin/stopWebservice.sh
    % ./$CDWS_INSTALLATION_DIR$/bin/startWebservice.sh
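
The checks below are an added example, not part of the IBM procedure: a POSIX shell wrapper around step 2 that refuses to build the .p12 when the certificate and the private key do not belong together, and then confirms the alias that steps 3 and 4 depend on. The function names and the P12_PASS and KEY_PASS environment variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not IBM code. Function names and the P12_PASS / KEY_PASS
# environment variables are assumptions of this example.

# Succeeds only when the certificate and the private key are one key pair,
# by comparing the public key taken from each file.
cert_matches_key() {  # usage: cert_matches_key <cert.pem> <key.pem>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout ${KEY_PASS:+-passin env:KEY_PASS}) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Step 2 without prompts: the export password comes from P12_PASS and the
# optional key pass phrase from KEY_PASS, so neither is typed on the
# command line.
export_p12() {  # usage: export_p12 <alias> <cert.pem> <key.pem> <out.p12>
    cert_matches_key "$2" "$3" || {
        echo "certificate and private key do not match" >&2
        return 1
    }
    # umask 077 keeps the new keystore readable by its owner only.
    ( umask 077
      openssl pkcs12 -export -name "$1" -in "$2" -inkey "$3" -out "$4" \
          -passout env:P12_PASS ${KEY_PASS:+-passin env:KEY_PASS} )
}

# Confirms that the .p12 carries the alias that step 3 (-alias) and
# step 4 (server.ssl.key-alias) refer to.
p12_has_alias() {  # usage: p12_has_alias <file.p12> <alias>
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | grep -Fqx -- "$2"
}
```

Export P12_PASS, call `export_p12`, and run `p12_has_alias` on the result before importing it with keytool in step 3.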