Configuring the client-side collection certificate store using the administrative console

You can configure the client-side collection certificate store by using the administrative console.

1. Connect to the WebSphere Application Server administrative console.

   You can connect to the administrative console by typing http://localhost:port_number/ibm/console in your web browser unless you have changed the port number.

2. Click Applications > Application Types > WebSphere enterprise applications > application_name.
3. Under Manage modules, click URI_name.
4. Under Web Services Security Properties, click Web services: Client security bindings to add the collection certificate store to the client security bindings.
   If you do not see any entries, return to the assembly tool and configure the security extensions for either the client or the server.

   To configure the security extensions for the client, see the following topics:

   • Configuring the client for response digital signature verification: verifying the message parts
   • Configuring the client for response digital signature verification: choosing the verification method
5. Under Response receiver binding, click Edit to edit the client security bindings.
6. Click Collection certificate store.
7. Click a Certificate store name to edit an existing certificate store or click New to add a new certificate store name.
8. Enter a name in the Certificate store name field.
   The name entered in this field is a name that is referenced in the Certificate store field on the Signing information configuration page.
9. Leave the Certificate store provider field value as IBMCertPath.
10. Click Apply.
11. Under Additional properties, click X.509 certificates > New.
12. Enter the path to your certificate store.
    For example, the path might be: ${USER_INSTALL_ROOT}/etc/ws-security/samples/intca2.cer. If you have any additional certificate store paths to enter, click New and add the path names.
13. Click OK.