Creating a CA client in SSL

A plug point is provided to allow users to connect to a certificate authority (CA) to request, query, and revoke certificates. A security configuration object, called a CAClient, must be created for WebSphere® to communicate with the CA. The CAClient object must contain a WSPKIClient implementation, which handles the connection and communication with the CA server. Users can also create their own implementation.

Before you begin

The WSPKIClient interface must be implemented and the class name provided as part of the CAClient when it is created.

You use the administrative console to create a new CA client.

Procedure

  1. Click Security > SSL certificate and key management.
  2. Click Certificate Authority (CA) client configurations. A panel of existing CA clients appears.
  3. Click New to create a new CA client in the configuration.
    Note: You can also create a CA client by using the createCAClient AdminTask.
  4. Enter the following information for the CA client:
    • Name of the CA client.
    • The management scope (selected from the drop-down list).
    • WSPKIClient implementation class.
    • CA server host name.
    • User name.
    • Password.
    • Password confirmation.
    • Number of times to poll.
    • Polling interval (in minutes) when requesting certificates.
    • Custom properties.
  5. Click Apply, then OK.

Results

The information in the object can then be used by the runtime to connect to a CA to create, revoke, or replace a certificate.
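
The note in step 3 mentions the createCAClient AdminTask. The following wsadmin Jython script is an added example, not IBM's own code: it builds the command from the step 4 fields and masks the password in anything that gets logged. The parameter names are assumptions to confirm with AdminTask.help('createCAClient'); the class name, host name, and the CA_CLIENT_PASSWORD environment variable are placeholders.

```python
import os

# Step 4 console field -> createCAClient parameter. The parameter names are
# assumptions; confirm them with AdminTask.help('createCAClient').
FIELDS = [
    ("name", "-caClientName"),
    ("scope", "-scopeName"),
    ("impl_class", "-pkiClientImplClass"),
    ("host", "-host"),
    ("user", "-userName"),
    ("password", "-password"),
    ("poll_count", "-retryCheck"),
    ("poll_interval_min", "-frequencyCheck"),
]

def build_args(cfg, redact=False):
    """Build the '[...]' argument string; redact=True masks the password."""
    if not cfg.get("impl_class"):
        raise ValueError("WSPKIClient implementation class is required")
    for key in ("poll_count", "poll_interval_min"):
        if key in cfg and int(cfg[key]) < 1:
            raise ValueError("%s must be a positive integer" % key)
    parts = []
    for key, flag in FIELDS:
        if key not in cfg:
            continue
        value = str(cfg[key])
        # Values are spliced into one string, so refuse anything that would
        # change how wsadmin splits it into parameters.
        if not value or [c for c in value if c.isspace() or c in "[]\"'"]:
            raise ValueError("empty or unsupported value for %s" % key)
        if redact and key == "password":
            value = "********"
        parts.append("%s %s" % (flag, value))
    return "[" + " ".join(parts) + "]"

# Constructed sample values; the class name and host are placeholders.
SAMPLE = {"name": "caClient01", "impl_class": "com.example.pki.MyWSPKIClient",
          "host": "ca.example.com", "user": "caadmin",
          "poll_count": 5, "poll_interval_min": 10}

if "AdminTask" in globals():  # defined only when run by wsadmin -lang jython
    cfg = dict(SAMPLE)
    cfg["password"] = os.environ["CA_CLIENT_PASSWORD"]  # never hard-code it
    print(build_args(cfg, redact=True))  # safe to log
    AdminTask.createCAClient(build_args(cfg))
    AdminConfig.save()
```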