This topic explains the necessary steps to import the public WebSphere Application
Server
certificate into the IBM HTTP Server
plug-in.
Procedure
-
From the WebSphere Application
Server Integrated
Solution Console, click .
- Select the NodeDefaultKeyStore check box and click its link to
open it.
- Click Personal certificates, select the default check box, and
then click Extract.
- Save the extracted file with a .arm extension and a
meaningful name, for example, c:\temp\jts_appserver.arm. Make note of the
location.
- Leave the encoding set to Base64, and then click
OK.
- Copy the previously extracted .arm files to your HTTP Server
directory:
- On AIX®:
/usr/IBM/HTTPServer/Plugins/config/webserver1
- On Linux®:
/opt/IBM/HTTPServer/Plugins/config/webserver1
- On Windows: C:\Program
Files\IBM\HTTPServer\Plugins\config\webserver1
-
Repeat the steps 1 through 6 for each WebSphere Application
Server in your
environment.
- Start the IKEYMAN graphical user interface to import the Application Server Signer
certificates.
-
On Linux or AIX:
Navigate to the <HTTPServer_Install_Dir>/bin directory and type ikeyman at
the command-line window.
- On Windows: Go to the start menu and select
Start Key Management Utility.
- Click , and select a key database type of CMS. Specify the
plugin-key.kdb file as the file name, and specify the file path to the .kdb
file. For example, enter C:\Program
Files\IBM\HTTPServer\Plugins\config\webserver1\plugin-key.kdb.
-
Click OK, and enter the password. The default password from WebSphere Application
Server is
WebAS (case sensitive).
- Click , and then click
Add.
- Browse for the file that you extracted in step 4
(jts_appserver.arm), select it, and then click
OK.
- Enter a label name, and click OK.
-
Repeat steps 11,
12, and 13 for each WebSphere Application
Server
certificate that you copied in step 6.
- Save and exit.
-
Restart the IBM HTTP Server to apply
the changes.