IBM Support

Establishing trust relationships between web application servers

Product Documentation


Abstract

This document provides IBM Content Collector 4.0.1.10 Interim Fix 005 Knowledge Center update on how to establish a trust relationship between embedded WebSphere Application Server Liberty on the IBM Content Collector server and the external web application servers.

Content

Sections of this document

  1. IBM WebSphere Application Server
    1. Extracting and importing IBM WebSphere Application Server certificate
    2. Importing embedded web application server certificate
  2. IBM WebSphere Application Server Liberty
    1. Extracting and importing IBM WebSphere Application Server Liberty certificate
    2. Extracting and importing external WebSphere Application Server Liberty certificate
  3. Using ikeyman tool
    1. To extract
    2. To import
The Knowledge Center page, Establishing trust relationships between web application servers is updated as part of IBM Content Collector (ICC) 4.0.1.10 Interim fix 005.
Updated section: Procedure
Divided the existing procedure into two sections.
The following two sections provide the steps for establishing a trust relationship between embedded WebSphere Application Server Liberty and:
  1. With IBM WebSphere Application Server
  2. With IBM WebSphere Application Server Liberty

I. IBM WebSphere Application Server

Perform the following to establish a trust relationship with the IBM WebSphere Application Server.
Note: In this section, <ICC_INSTALL_DIR> refers to the ICC installation path.
A. Extracting and importing IBM WebSphere Application Server certificate
You need to extract the IBM WebSphere Application Server certificate and import it on the embedded web application server.
  1. Start the IBM WebSphere Application service.
  2. Open the administrator console URL in a web browser: https://server:11043/ibm/console/login.do
    Here, server is the hostname of the external WebSphere Application Server.
  3. Go to Security and click SSL certificate and key management.
    1. Select Key stores and certificates under Related Items.
    2. Click NodeDefaultTrustStore.
    3. Click Signer certificates under Additional Properties.
    4. Select the default server certificate and click Extract.
    5. Enter a file name in General Properties and click OK.
  4. Go to the file path where the certificate is extracted.
  5. Copy the certificate and put it on the embedded web application server.
  6. Import the certificate in key.p12 keystore on the embedded web application server using the ikeyman tool.
    <ICC_INSTALL_DIR>/AFUWeb/wlp/usr/servers/AFUWeb/resources/security/key.p12
    Note: Refer to section III.B. Using ikeyman tool to import, in this document below.
B. Importing embedded web application server certificate
Now you need to import the embedded web application server certificate on the external web application server.
  1. Follow the steps given in I.A.1 to I.A.3.c.
  2. Click Retrieve from port.
  3. Fill in the following fields in General Properties.
    1. Host: Enter the hostname of the ICC server.
    2. Port: Enter the port number. The default port number is 11443.
    3. Alias: Specify a name for the certificate and click Retrieve signer information.
  4. Click OK and restart both the web application servers.

II. IBM WebSphere Application Server Liberty

Perform the following to establish a trust relationship with the IBM WebSphere Application Server Liberty.
Note: In this section:
  • <ICC_INSTALL_DIR> refers to the ICC installation path.
  • <WLP_INSTALL_DIR> refers to the location of external Liberty.
A. Extracting and importing IBM WebSphere Application Server Liberty certificate
You need to extract the IBM WebSphere Application Server Liberty certificate and import it on the external web application server.
  1. Open the key.p12 keystore on the ICC server using the ikeyman tool.
    <ICC_INSTALL_DIR>/AFUWeb/wlp/usr/servers/AFUWeb/resources/security/key.p12
    Note: Refer to the Using ikeyman tool section, in this document below.
  2. Extract the default server certificate from Personal Certificates.
    Note: Refer to section III.A. Using ikeyman tool to extract, in this document below.
  3. Copy the certificate and put it on the external WebSphere Application Server Liberty.
  4. Open the key.p12 keystore on the external WebSphere Application Server Liberty:
    <WLP_INSTALL_DIR>/usr/servers/AFUWeb/resources/security/key.p12
  5. Import the certificate copied in step II.A.3 to Signer Certificates.
    Note: Refer to section III.B. Using ikeyman tool to import, in this document below.
B. Extracting and importing external WebSphere Application Server Liberty certificate
Now you need to extract the external web application server certificate and import it on the IBM WebSphere Application Server Liberty.
  1. Open the key.p12 keystore on the external IBM WebSphere Application Server Liberty using the ikeyman tool.
    <WLP_INSTALL_DIR>/usr/servers/AFUWeb/resources/security/key.p12
    Note: Refer to the Using ikeyman tool section, in this document below.
  2. Extract the default server certificate from Personal Certificates.
    Note: Refer to section III.A. Using ikeyman tool to extract, in this document below.
  3. Copy the certificate and put it on the ICC server.
  4. Open the key.p12 keystore on the ICC server:<ICC_INSTALL_DIR>/AFUWeb/wlp/usr/servers/AFUWeb/resources/security/key.p12
  5. Import the certificate copied in step II.A.3 to Signer Certificates.
    Note: Refer to section III.B. Using ikeyman tool to import, in this document below.
  6. Restart both the web application servers.

III. Using ikeyman tool

A. To extract

  1. Navigate to this path: <ICC_INSTALL_DIR>/AFUWeb/wlp/usr/servers/AFUWeb/resources/security.
  2. Run the ikeyman tool.
  3. Click Open and modify the following:
    1. Change the Key database type to PKCS12.
    2. Edit the File Name to key.p12.
  4. Click OK and enter the password, which is Passw0rd. (numeric value 'zero')
  5. Select Personal Certificates to extract the certificate, and click Extract.
  6. Close the ikeyman tool.

B. To import

  1. Navigate to<ICC_INSTALL_DIR>/AFUWeb/wlp/usr/servers/AFUWeb/resources/security.
  2. Run the ikeyman tool.
  3. Click Open and modify the following:
    1. Change the Key database type to PKCS12.
    2. Edit the File Name to key.p12.
  4. Click OK and enter the password, which is Passw0rd. (numeric value 'zero')
  5. Select Signer Certificates from the drop-down values of Key database content field.
  6. Specify a name for the label.
  7. Close the ikeyman tool.

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSAE9L","label":"Content Collector"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"4.0.1.10","Edition":"Interim Fix 5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
12 November 2019

UID

ibm11103247

Page Feedback