Deploying a client SSL certificate

After you obtain the client SSL certificate, you must deploy the certificate to the Content Platform Engine server.

Deploying a client certificate on WebSphere

WebSphere supports directly deploying a certificate file.

Procedure

To deploy a client certificate from a file:

  1. Copy the certificate file that you obtained to a folder on the Content Platform Engine server.
    For example, copy the server.crt file to the C:\IBM\keystore or the /IBM/keystore directory.
  2. On the Content Platform Engine server, log in to the WebSphere Integrated Solutions Console.
  3. Click Security > SSL certificates and key management.
  4. Open the Signer Certificates page:
    Option                                           Description
    WebSphere Application Server Network Deployment  Click Key stores and certificates > CellDefaultTrustStore > Signer certificates.
    WebSphere Stand-alone                            Click Key stores and certificates > NodeDefaultTrustStore > Signer certificates.
  5. Click Add.
  6. In the Alias field, enter a certificate alias name.
    The alias represents the certificate in the keystore.
    For example, enter myserver.
  7. In the File Name field, enter the file name and path to the certificate that you obtained.
    For example, enter C:\IBM\keystore\server.crt or /IBM/keystore/server.crt.
  8. For the Data Type field, select Base64-encoded ASCII data.
  9. Click Apply, and then click Save.
  10. Synchronize your changes to all nodes in the cluster.
    1. Click System Administration > Nodes.
    2. Select all nodes in the cluster, and then click Full Resynchronize.

What to do next

Tip: You do not need to restart the server.

Deploying a client SSL certificate on WebLogic

After you obtain the client SSL certificate, you must deploy the certificate to the Content Platform Engine server.

Procedure

  1. Copy the server.crt file to a folder on the Content Platform Engine server.
    For example, copy the file to the C:\IBM\keystore or the /IBM/keystore directory.
  2. Configure WebLogic to use the Java standard trust as its default trust keystore.
    1. Log in to the WebLogic administrative console.
    2. Navigate to Environment > Servers > server name.
    3. Click the Configuration tab.
    4. Click the Keystores tab.
    5. For the Keystores list, click Change.
    6. Select the Custom Identity and Java Standard Trust option.
    7. Click Save.
    8. In the Keystores tab, note the value for Java Standard Trust Keystore, such as drive:/bea/jdk160_21/jre/lib/security/cacerts.
  3. On the Content Platform Engine server, import the client SSL certificate into the truststore by using the following command:
    keytool -import -alias myserver -file mypath/server.crt -keystore drive:/bea/jdk160_21/jre/lib/security/cacerts -storepass password

    myserver is the alias for the certificate

    mypath/server.crt is the path to the certificate file

    drive:/bea/jdk160_21/jre/lib/security/cacerts is the path to the truststore

    password is the truststore password

  4. Verify that the certificate was added to the truststore by using the following command:
    keytool -list -v -alias myserver -keystore drive:/bea/jdk160_21/jre/lib/security/cacerts -storepass password
  5. Modify the WebLogic start-up script to add the following JVM argument to the Java command line:
    -DUseSunHttpHandler=true
  6. Restart the server.
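
An added example, not part of the original procedure: a Python check to run on the certificate file before importing it, serving both procedures above. It reports whether the file matches the Base64-encoded ASCII data type selected in the WebSphere procedure and computes the SHA-256 fingerprint in the colon-separated form that keytool -list -v prints, so the value can be compared with one obtained out of band from the certificate owner. The function names and the sample bytes are assumptions made for this example; the sample is constructed and is not a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def load_certificate(data: bytes):
    """Return (data_type, der_bytes) for the raw contents of a certificate file."""
    match = PEM_RE.search(data)
    if match:
        body = b"".join(match.group(1).split())  # drop line breaks in the armor
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError("PEM markers found, but the body is not Base64") from exc
        data_type = "Base64-encoded ASCII data"
    else:
        der, data_type = data, "binary DER (not Base64)"
    # Every X.509 certificate is a DER SEQUENCE, so it starts with tag 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("file does not contain an X.509 certificate")
    return data_type, der


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(data: bytes, expected: str) -> bool:
    """Compare the file's fingerprint with one obtained out of band."""
    wanted = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    return fingerprint(load_certificate(data)[1]).replace(":", "") == wanted


# Constructed sample: a DER SEQUENCE header plus filler, NOT a real certificate.
SAMPLE_DER = b"\x30\x1e" + bytes(range(30))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    data_type, der = load_certificate(SAMPLE_PEM)  # or open(path, "rb").read()
    print(data_type)
    print("SHA256:", fingerprint(der))
```

After the import, the SHA256 line in the keytool -list -v output for the alias should show the same value.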