Sample Use Case: Adding a PEM Certificate with key into IBM Connect:Direct Web Service Keystore
Follow the procedure given below to add a PEM formatted (.crt) certificate into Web Service's Key Store.
With v6.1, IBM® Connect:Direct® Web Service extends its web console capabilities to support Keystore/Truststore management. For a UI walk-through on how to add a PEM certificate into the IBM Connect:Direct Web Service Keystore, see IBM MediaCenter.
Ensure that you've installed OpenSSL before you begin configuring the Keystore/Truststore. For the OpenSSL 3.0.0 release, and later releases derived from that, the Apache License v2 applies. For any release made before OpenSSL 3.0.0, the dual OpenSSL and SSLeay license applies.
- Obtain the PEM-encoded certificate.
- Execute the following OpenSSL command to create a PKCS12 (.p12) file. The administrator is prompted to enter the key.pem pass phrase if the key is found to be encrypted.
    openssl pkcs12 -export -name <Certificate_Alias_Name> -in <PEM_Certificate> -inkey <key.pem> -out <Keystore_NAME>.p12
    Enter pass phrase for key.pem:
    Enter Export Password:
    Verifying - Enter Export Password:
- Execute the following command to import the CA-signed certificate into the IBM Connect:Direct Web Service Keystore.
    keytool -importkeystore -srckeystore <sourceKeystore> -destkeystore <CDWS_Keystore> -deststorepass <CDWS_KeystorePassword> -deststoretype jks -alias <Certificate_Alias_Name> -srcstorepass <sourceKeystorePassword> -srcstoretype pkcs12
- Edit the application.properties file and set the value of the server.ssl.key-alias property to <Certificate_Alias_Name>, the alias to be used by Connect:Direct Web Services.
- Execute the ChangeKeystoreTruststoreAndUpdatePassword.jar file available at mftws/BOOT-INF/classes.
    java -jar ChangeKeystoreTruststoreAndUpdatePassword.jar
    Enter Admin Password:
    Please Select from below options:
    1. Type K and Enter to Change Keystore OR Sync Keystore Password with CDWS.
    2. Type T and Enter to Change Truststore OR Sync Truststore Password with CDWS.
    3. Type C and Enter to Sync Key Certificate Password with CDWS.
    4. Type Q and Enter to Exit.
    Enter your Choice: K
    Enter the complete path of Keystore: (including fileName(.jks)):
    Enter Keystore Password:
    Confirm Password:
    Keystore details updated successfully
    Press Y to Continue OR Q to Exit:Q
    Exiting the Utility.
- Depending on your environment type, issue one of the following commands:
  - In Windows, stop and start MFTWebservices from the Task manager for changes to take effect.
  - In UNIX, issue the following command to stop and start MFTWebServices for changes to take effect.
      % ./$CDWS_INSTALLATION_DIR$/bin/stopWebservice.sh
      % ./$CDWS_INSTALLATION_DIR$/bin/startWebservice.sh
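The procedure above fails late, at service restart, if the private key does not belong to the certificate or if server.ssl.key-alias names an alias the keystore lacks. The following pre-flight script is an added example, not IBM-supplied code, that checks those points before and after the import. The function names, the script name preflight.sh and the CDWS_KS_PASS environment variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM-supplied). File names and the alias are placeholders.

# Succeeds only if the private key belongs to the certificate: both commands
# emit the public key as PEM, so the two strings must be identical.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate has not expired (-checkend 0 = still valid now).
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Prints the alias set in application.properties (the last definition wins).
configured_alias() {
    sed -n 's/^[[:space:]]*server\.ssl\.key-alias[[:space:]]*[=:][[:space:]]*//p' "$1" \
        | tr -d '\r' | tail -n 1
}

# Succeeds if the JKS holds a private-key entry under the alias. The password
# is read from the environment variable CDWS_KS_PASS (hypothetical name), so
# it does not appear in the process list.
alias_has_private_key() {
    keytool -list -keystore "$1" -storepass:env CDWS_KS_PASS -alias "$2" \
        | grep -q 'PrivateKeyEntry'
}

# Usage: preflight.sh <cert.pem> <key.pem> <alias> <application.properties> [keystore.jks]
if [ "$#" -ge 4 ]; then
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; exit 1; }
    cert_not_expired "$1"      || { echo "certificate has expired" >&2; exit 1; }
    [ "$(configured_alias "$4")" = "$3" ] \
        || { echo "server.ssl.key-alias is not '$3'" >&2; exit 1; }
    if [ -n "${5:-}" ]; then
        alias_has_private_key "$5" "$3" \
            || { echo "no private key under alias '$3'" >&2; exit 1; }
    fi
    echo "pre-flight checks passed"
fi
```

Run it without the fifth argument before the OpenSSL export, and again with the keystore path after the keytool import.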