Learn how to create signed certificates for a high availability disaster recovery (HADR)
hybrid deployment.
About this task
Complete the following steps to configure WebSphere®
Application Server certificates. Set up
certificate authority (CA) signed certificates for WebGUI load
balancing.
Procedure
- Create certificate signing requests (CSRs) on both WebSphere
Application Server servers. On the WebSphere
Application Server console, go to
. Complete the required fields. Ensure
that the common name value is set to your DASH domain
name.
- Generate a signed server certificate. Sign your CSR with an approved CA authority, which
creates a signed server certificate. Complete this step for the CSR on the primary and backup
DASH
servers.
- Import the correct signed server certificate on each DASH server. On both
DASH
servers, go to
.
- Import the intermediate and root CA certificates.
- Add the intermediate CA certificates to the WebSphere
Application Server keystores. On both DASH servers, add the
intermediate CA certificate. Go to and add the intermediate
certificate.
- Add the root CA certificates to the WebSphere
Application Server keystores. On both DASH servers, add the
root CA certificate. Go to and add the root certificate.
- Update WebSphere
Application Server
to use the new certificates.
Ensure
that the certificates you uploaded to DASH are selected as
the default certificates. Go to . Select the
default server certificate alias and default client certificate alias to be the aliases of the new
certificates. Go to . For inbound
connections, set the Certificate alias in key store to the certificate that was
added to the keystore.
- Restart all DASH server
nodes.
What to do next
Server and cluster certificates need to be regenerated manually each
time one of the following milestones are reached.
- Server certificates have expired.
- Root Certificate Authority (CA) certs are renewed or refreshed.
- Intermediate CA certs are renewed or refreshed.
To regenerate certificates, repeat the certificate setup steps.