Configuring the IBM® JRE to talk to a secured WebSphere Application Server

You must follow the steps in this topic if you want to use the web services wizard to retrieve an HTTPS WSDL or if you want to use the Web Services Explorer against a secured WebSphere® Application Server. If you encounter an error similar to "Error opening socket: unknown certifcate", this task will resolve the issue. The error occurs because WebSphere Application Server negotiates secured connections with a security certificate that other JRE-based applications do not normally trust.

About this task

To configure your JRE to accept the WebSphere Application Server certificate:


  1. Launch the ikeyman tool from your Eclipse JRE. It is located within your WebSphere Application Server install directory at install_dir\java\jre\bin\ikeyman.exe. The default install locations for the servers are:
    • WebSphere Application Server v6.x: Rational_install_dir\runtimes\base_v6x
    • WebSphere Application Server v7.0: Rational_install_dir\runtimes\base_v7
  2. Click the Open a key database file icon:
  3. In the window that opens, click Browse and locate the DummyClientTrustFile.jks in your WebSphere Application Server profile. The default location may be similar to install_dir\profiles\profile_name\etc\DummyClientTrustFile.jks. Click OK when you have found the file.
  4. You will be prompted for a password. Enter WebAS.
  5. Select Signer Certificates from the drop-down list, and then select default_signer and click Extract.
  6. Note the location and name of the certificate because it will be required in later steps. Click OK to save the file.
  7. Click the Open a key database file icon again, and browse to the Eclipse JRE cacerts. This file is located here: install_dir\java\jre\lib\security\cacerts.
  8. When prompted for a password, enter changeit.
  9. Click Add, and browse to the file that you saved earlier. You may have to set the file types field to All Files. Click OK when the correct file has been selected in the Open window.
  10. Enter a label for the certificate.


The JRE can now accept the server certificate automatically. Note that the certificate might restrict connections to the host name that appears on the certificate (this would be the host name including domain).
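The same procedure from the command line, as an added example that is not part of the original IBM topic: it uses the JRE's keytool in place of the ikeyman GUI and prints the certificate's subject, validity dates and fingerprints before the import. Assumptions: keytool.exe sits beside ikeyman.exe in install_dir\java\jre\bin, the ikeyman label default_signer is also the keystore alias, and the values of $InstallDir, $ProfileName, $Label and $CertFile are placeholders to replace with your own.

```powershell
# Added example: command-line equivalent of steps 1-10 (not IBM's own script).
# Placeholder values (assumptions): adjust to your installation.
$InstallDir  = 'C:\install_dir'        # install_dir from step 1
$ProfileName = 'profile_name'          # profile_name from step 3
$Label       = 'was_default_signer'    # hypothetical label for step 10
$CertFile    = Join-Path $env:TEMP 'default_signer.arm'

# keytool.exe location is assumed to match the ikeyman.exe directory.
$Keytool    = Join-Path $InstallDir 'java\jre\bin\keytool.exe'
$TrustStore = Join-Path $InstallDir "profiles\$ProfileName\etc\DummyClientTrustFile.jks"
$CaCerts    = Join-Path $InstallDir 'java\jre\lib\security\cacerts'

foreach ($path in $Keytool, $TrustStore, $CaCerts) {
    if (-not (Test-Path $path)) { throw "Not found: $path" }
}

# Keep a timestamped copy of cacerts so the change can be rolled back.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Copy-Item $CaCerts "$CaCerts.$stamp.bak"

# Steps 2-6: extract the default_signer certificate (password WebAS).
& $Keytool -export -rfc -alias default_signer `
    -keystore $TrustStore -storepass WebAS -file $CertFile
if ($LASTEXITCODE -ne 0) { throw 'Extracting default_signer failed' }

# Show owner, issuer, validity and fingerprints of what was extracted,
# so it can be compared with the certificate the server presents.
& $Keytool -printcert -file $CertFile

# Steps 7-10: add the certificate to the Eclipse JRE cacerts (password
# changeit). Without -noprompt, keytool displays the certificate again
# and asks for confirmation before trusting it.
& $Keytool -import -alias $Label `
    -keystore $CaCerts -storepass changeit -file $CertFile
if ($LASTEXITCODE -ne 0) { throw 'Import into cacerts failed or was declined' }

# Confirm the new trusted entry is present under the chosen label.
& $Keytool -list -alias $Label -keystore $CaCerts -storepass changeit
```

The owner (subject) line printed by -printcert shows the host name the certificate was issued for, which is the name the closing note above refers to.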
