Setting ssl certificate in Websphere 8.5.5.0 for CLM
Hello, to all employees.
I have integrated the CLM with WebSphere, which is presenting problem when I install the SSL certificate using ikeyman. Generated a request and sign from DC server. Receiving the certificate, restart the WebSphere and do not take.
My Email: dbolges@argentuminc.com
Thank you can help me.
I have integrated the CLM with WebSphere, which is presenting problem when I install the SSL certificate using ikeyman. Generated a request and sign from DC server. Receiving the certificate, restart the WebSphere and do not take.
My Email: dbolges@argentuminc.com
Thank you can help me.
2 answers
Good morning.
My Server is a Linux CLM. These are the steps I have taken so far:
a) Enter the path where the script. Cd / opt / IBM / WebSphere / AppServer / bin
b) Once the route you run the script. ./ikeyman.sh
c) In the IBM Key Management tool created a JKS key database file type in the path: / opt / IBM / WebSphere / AppServer / etc.
d) once in the Key database content. Select the certificate requests personal choice and gender new one.
e) I take certreq.arm and generated the certificate from my company CA.
f) I'll certified personal choice. I select the option to receive, seek and receive the certificate.
g) Once the certificate is received. ./stopServer.sh Run server1 to stop the service and then ./startServer.sh server1 to start it.
h) I go to a browser with the URL of the server and the certificate https://serverclm.dominio.com:9443/jts/admin remains the same for the first time. this is what tells me:
There is a problem with this website’s security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Recommended iconClick here to close this webpage.
Not recommended iconContinue to this website (not recommended).
More information More information
My Server is a Linux CLM. These are the steps I have taken so far:
a) Enter the path where the script. Cd / opt / IBM / WebSphere / AppServer / bin
b) Once the route you run the script. ./ikeyman.sh
c) In the IBM Key Management tool created a JKS key database file type in the path: / opt / IBM / WebSphere / AppServer / etc.
d) once in the Key database content. Select the certificate requests personal choice and gender new one.
e) I take certreq.arm and generated the certificate from my company CA.
f) I'll certified personal choice. I select the option to receive, seek and receive the certificate.
g) Once the certificate is received. ./stopServer.sh Run server1 to stop the service and then ./startServer.sh server1 to start it.
h) I go to a browser with the URL of the server and the certificate https://serverclm.dominio.com:9443/jts/admin remains the same for the first time. this is what tells me:
There is a problem with this website’s security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Recommended iconClick here to close this webpage.
Not recommended iconContinue to this website (not recommended).
More information More information
Hi Deivy
Is the default self signed certificate still on the Keystore. Once you have received the certificate, you have to replace the default certificate. Here is link on receiving the certificate.
http://www-01.ibm.com/support/knowledgecenter/SSEQTP_8.0.0/com.ibm.websphere.base.doc/info/aes/ae/tsec_sslreceiveCAcert.html
Once you import the certificate you have to replace the default with the CA certificate. Select the default certificate and click Replace, select the imported CA certificate and check the option to delete the old signers ...
Is the default self signed certificate still on the Keystore. Once you have received the certificate, you have to replace the default certificate. Here is link on receiving the certificate.
http://www-01.ibm.com/support/knowledgecenter/SSEQTP_8.0.0/com.ibm.websphere.base.doc/info/aes/ae/tsec_sslreceiveCAcert.html
Once you import the certificate you have to replace the default with the CA certificate. Select the default certificate and click Replace, select the imported CA certificate and check the option to delete the old signers ...
Comments
Donald Nong
May 11 '15, 8:30 p.m.What does "do not take" mean? WebSphere still uses the default certificate? Or somewhere in the communication channel the new certificate gets rejected? Have you put the certificate of the DC server into the trust store? It may be easier for others to help you if you can give detailed steps what you have done.