Adding a signer certificate to a keystore
Signer certificates establish the trust relationship in SSL communication. You can extract the signer part of a personal certificate from a keystore, and then you can add the signer certificate to other keystores.
Before you begin
Alternative Method: To add a signer certificate to a keystore by using the
wsadmin tool, use the addSignerCertificate command of the AdminTask object. For more
information, see the SignerCertificateCommands
command group for the AdminTask object topic.
Note: If the security custom property
com.ibm.websphere.security.OverwriteAndReplaceOnImport is set to true then import
certificate imports a certificate and overwrites an existing certificate. It then perform the
certificate replace operation on that certificate. Typically, an existing certificate cannot be
overwritten by a certificate that is being imported. The task also replaces all signer certificates
from the original certificate and replaces them with the signer certificate from the new certificate
that is being imported
About this task
Procedure
- Click Security > SSL certificate and key management > Key stores and certificates.
- Select a keystore from the list of keystores.
- Click Signer certificates.
- Click Add.
- Enter an alias for the signer certificate in the Alias field
- Enter the full path to the signer certificate file in the File name field.
- Select a data type from the list in the Data type field.
- Click Apply.