Certificate setup

If security is enabled when you discover WebSphere® Application Server, you must set the SSL certificates in the access list entries. Agile Service Manager supports PKCS12 and JKS certificate store types. The truststore and keystore files must be present on the computer that runs the Agile Service Manager console, not on the Agile Service Manager server.

Truststore and keystore files are typically in the $PROFILE_HOME/etc directory on the system on which WebSphere Application Server is installed. By default, the following files are certificate stores:
  • PKCS12
    • $PROFILE_HOME/etc/trust.p12
    • $PROFILE_HOME/etc/key.p12
  • JKS
    • $PROFILE_HOME/etc/DummyClientTrustFile.jks
    • $PROFILE_HOME/etc/DummyClientKeyFile.jks
The default passphrase for these files is WebAS. You can also create truststore and keystore files by downloading certificates with the WebSphere Application Server console.

Agile Service Manager requires a truststore with a signer certificate only for connecting with the DMGR, in the case of WebSphere Application Server Network Deployment (ND), or with server1, in the case of a stand-alone server.

Because of the restrictions of the JMX protocol, which is used to retrieve data from WebSphere Deployment Manager or from a stand-alone server, Agile Service Manager can handle only one truststore file for a single discovery. The certificates that are stored in the truststore file are loaded when the connection with WebSphere Application Server is established. Only those certificates can be used by Agile Service Manager during the entire discovery.

If certificates from several truststores are required, do not attach the truststores separately to the access list entries. You must export the original truststores to a single file, either manually or with the collectwascerts script that is bundled with Agile Service Manager. When all necessary entries for each WebSphere server are in the Agile Service Manager access list, the first one must have the exported truststore and keystore files attached. There is always one entry for each different login and password combination for the discovered WebSphere servers.
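Because only the one attached truststore is used for the whole discovery, it helps to confirm before attaching it that the exported file opens with the intended passphrase and holds every required signer. The following Python check is an added example, not part of Agile Service Manager or the collectwascerts script. It reads JKS stores only (not PKCS12), and the alias names and `build_sample` helper are hypothetical, constructed for illustration.

```python
import hashlib
import struct

WHITENER = b"Mighty Aphrodite"  # constant mixed into the JKS integrity hash


def _digest(body, passphrase):
    # JKS integrity value: SHA-1(UTF-16BE passphrase + whitener + store body)
    return hashlib.sha1(passphrase.encode("utf-16-be") + WHITENER + body).digest()


def trusted_aliases(store, passphrase):
    """Aliases of signer entries; ValueError on a wrong passphrase or bad store."""
    body, pos, aliases = store[:-20], 12, []
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != 0xFEEDFEED or _digest(body, passphrase) != store[-20:]:
        raise ValueError("not a JKS store, wrong passphrase, or corrupted file")

    def field(fmt):  # consume one length-prefixed field; fmt is the length type
        nonlocal pos
        (size,) = struct.unpack_from(fmt, body, pos)
        pos += struct.calcsize(fmt) + size
        return body[pos - size:pos]

    for _ in range(count):
        (tag,) = struct.unpack_from(">I", body, pos)
        pos += 4
        alias = field(">H").decode("utf-8")  # modified UTF-8, same as UTF-8 for ASCII
        pos += 8  # creation timestamp
        if tag != 2:  # 1 = private key entry; assumed absent from a signer truststore
            raise ValueError(f"{alias}: not a trusted-certificate entry")
        if version == 2:
            field(">H")  # certificate type, for example "X.509"
        field(">I")  # encoded certificate
        aliases.append(alias)
    return aliases


def missing_signers(store, passphrase, required):
    """Required signer aliases that the single exported truststore does not hold."""
    return sorted(set(required) - set(trusted_aliases(store, passphrase)))


def build_sample(aliases, passphrase):
    """Constructed version-2 JKS with placeholder bytes instead of real certificates."""
    body = struct.pack(">III", 0xFEEDFEED, 2, len(aliases))
    for name in (a.encode() for a in aliases):
        body += struct.pack(">IH", 2, len(name)) + name + struct.pack(">Q", 0)
        body += struct.pack(">H", 5) + b"X.509" + struct.pack(">I", 4) + b"0\x02\x05\x00"
    return body + _digest(body, passphrase)
```

Calling `trusted_aliases(data, "WebAS")` on a real file's bytes also shows whether the store still opens with the default passphrase: it returns the aliases if so and raises `ValueError` otherwise.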