Creating a single truststore with the collectwascerts script
Agile Service Manager can use only one truststore file for a single discovery. If you want to use certificates from several truststores, you must export those truststores to a single file. You can use the collectwascerts script that downloads the certificates to export them.
Procedure
- Edit the $COLLATION_HOME/bin/collectwascerts.config file.
Add a line for each WebSphere® server from which you want to download the certificates. For distributed cells, you need only certificates from the deployment manager (DMGR) to run a successful discovery. If you start a line with a number sign (#), it is treated as a comment and is not processed.
Each line must have the following format: <Server IP/HOSTNAME/FQDN> <SOAP port number> <username> <password>
For example:
156.24.24.11 8879 wasadmin waspassword
You can find the value of the SOAP port number in the Ports section of DMGR or server panel in the WAS administration console. The exact name is SOAP_CONNECTOR_ADDRESS.
- Run $COLLATION_HOME/bin/collectwascerts.sh (or $COLLATION_HOME/bin/collectwascerts.bat) on your Agile Service Manager host, even if the collectwascerts.config file has no entries. The file might not have any entries because all the WAS servers can be reached from the anchor servers only.
All retrieved certificates are stored in $COLLATION_HOME/bin/collectedwascerts.jks. The passphrase is written by the tool to the standard output. You can also read it from the com.collation.sslpassphrase property in $COLLATION_HOME/etc/collation.properties.
Complete the optional steps only if your WAS environments are not accessible directly from your Agile Service Manager server.
- Optional: Copy the collectedwascerts.jks file from the Agile Service Manager host to your first anchor.
Copy the file to the bin directory that contains the collectwascerts.config, collectwascerts.bat, and collectwascerts.sh files.
- Optional: Run collectwascerts.sh (or collectwascerts.bat) on the anchor host.
- Optional: Copy collectedwascerts.jks from the anchor host to the next anchor.
Copy the file to the bin directory that contains the collectwascerts.config, collectwascerts.bat, and collectwascerts.sh files.
- Optional: Run collectwascerts.sh (or collectwascerts.bat) on the next anchor host.
- Optional: Repeat steps 5 and 6 for all your anchors.
- Attach the collectedwascerts.jks file from the last anchor, or from your Agile Service Manager host if you do not use the script on anchors, to your WebSphere access list entry as a truststore. The SSL type of this file is JKS. Use the passphrase described in step 2.
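The collectwascerts.config file from step 1 holds WebSphere administrator passwords in clear text, so it is worth checking both its format and its file permissions before you run the script. The following is an added example, not part of the product or its documentation; the function name lint_wascerts_config is hypothetical, and it assumes whitespace-separated fields as in the sample line, ignores blank lines, and accepts ports 1-65535.

```shell
# Added example: lint collectwascerts.config before running the script.
# Assumptions: whitespace-separated fields (as in the sample line), blank
# lines ignored, SOAP port in 1-65535. Field values are never echoed.
lint_wascerts_config() {
    cfg=$1; bad=0; lineno=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # The file holds WAS admin passwords in clear text: flag group/other access.
    perms=$(ls -ld -- "$cfg" | cut -c5-10)
    [ "$perms" = "------" ] || echo "WARN: $cfg is accessible to group/other" >&2

    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in '#'*) continue ;; esac   # comment line, per step 1
        set -f; set -- $line; set +f           # split on whitespace, no globbing
        [ $# -eq 0 ] && continue               # blank line
        if [ $# -ne 4 ]; then
            echo "line $lineno: expected 4 fields, found $#" >&2
            bad=$((bad + 1)); continue
        fi
        case $2 in
            ''|*[!0-9]*|??????*) port_ok=0 ;;  # not purely numeric, or too long
            *) if [ "$2" -ge 1 ] && [ "$2" -le 65535 ]; then port_ok=1; else port_ok=0; fi ;;
        esac
        if [ "$port_ok" -eq 0 ]; then
            echo "line $lineno: SOAP port is not a valid port number" >&2
            bad=$((bad + 1))
        fi
    done < "$cfg"
    echo "$bad"            # number of invalid lines on stdout
    [ "$bad" -eq 0 ]       # exit status 0 only when every line is well formed
}

# Constructed sample input: one comment, one valid line, one line missing the password.
sample=$(mktemp)
chmod 600 "$sample"
printf '%s\n' '# DMGR for cell A' '156.24.24.11 8879 wasadmin waspassword' \
    'dmgr02.example.test 8879 wasadmin' > "$sample"
lint_wascerts_config "$sample" || true
rm -f "$sample"
```

Point the function at $COLLATION_HOME/bin/collectwascerts.config on the Agile Service Manager host and on each anchor where you edit the file.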