This topic applies only to the IBM Business Process Manager Advanced configuration.

Certificate management (deprecated)

WebSphere DataPower appliances require a Secure Socket Layer (SSL) connection with all clients, including IBM® Integration Designer. Each appliance provides a self-signed certificate to establish that secured connection. Before you can connect to the appliance, you must import the certificate into the IBM Integration Designer Java Virtual Machine (JVM) truststore .

The first time you try to connect to an appliance from the DataPower Appliances view, the Trust the Certificate window opens. It prompts you to trust the certificate in order to complete the connection to the appliance. If the appliance host name does not exactly match the host name specified in the certificate, the Trust the Certificate window indicates the mismatch. (This mismatch does not prevent a successful connection.)

You can view the certificate details by clicking View Certificate. If you are satisfied with the certificate information, click Trust Certificate. The certificate is imported into the JVM truststore (by default, WID_Install_Dir\jdk\jre\lib\security\cacerts) and saved using the alias com.ibm.wbit.wdp_NNN (where NNN is a 13-character unique ID). IBM Integration Designer can now establish a secure connection to the appliance.

Note: If you decide not to trust the certificate, the appliance definition is still added to the Appliances tab, but you cannot connect to the appliance until you trust the certificate. The Trust the Certificate window is displayed each time you attempt to use the appliance definition until you accept the certificate.

If the certificate changes on the appliance, the next connection attempt fails. You must examine and trust the updated certificate before you can connect to the appliance.

Deleting a certificate

To delete a certificate from the truststore, use the IBM ikeyman tool provided with the JVM (located in theWID_Install_Dir\eclipse\jdk\jre\bin directory). Remember that the certificates in the truststore are saved under an alias in the Signer Certificate list. If you are removing a certificate from the default JVM truststore, you might be prompted for the password. Unless you have changed it, the default password is changeit.