It's all about the answers!

Ask a question

Setting ssl certificate in Websphere 8.5.5.0 for CLM


Deivy Bolges (1527) | asked May 11 '15, 5:40 p.m.
Hello, to all employees.
I have integrated the CLM with WebSphere, which is presenting problem when I install the SSL certificate using ikeyman. Generated a request and sign from DC server. Receiving the certificate, restart the WebSphere and do not take.

My Email: dbolges@argentuminc.com

Thank you can help me.

Comments
Donald Nong commented May 11 '15, 8:30 p.m.

What does "do not take" mean? WebSphere still uses the default certificate? Or somewhere in the communication channel the new certificate gets rejected? Have you put the certificate of the DC server into the trust store? It may be easier for others to help you if you can give detailed steps what you have done.

2 answers



permanent link
Deivy Bolges (1527) | answered May 12 '15, 9:07 a.m.
Good morning.
My Server is a Linux CLM. These are the steps I have taken so far:
a) Enter the path where the script. Cd / opt / IBM / WebSphere / AppServer / bin
b) Once the route you run the script. ./ikeyman.sh
c) In the IBM Key Management tool created a JKS key database file type in the path: / opt / IBM / WebSphere / AppServer / etc.
d) once in the Key database content. Select the certificate requests personal choice and gender new one.
e) I take certreq.arm and generated the certificate from my company CA.
f) I'll certified personal choice. I select the option to receive, seek and receive the certificate.
g) Once the certificate is received. ./stopServer.sh Run server1 to stop the service and then ./startServer.sh server1 to start it.
h) I go to a browser with the URL of the server and the certificate https://serverclm.dominio.com:9443/jts/admin remains the same for the first time. this is what tells me:

 
There is a problem with this website’s security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
   
We recommend that you close this webpage and do not continue to this website.  
   
Recommended iconClick here to close this webpage.
 
Not recommended iconContinue to this website (not recommended).

More information  More information 

permanent link
Shubjit Naik (1.5k1613) | answered May 12 '15, 10:51 a.m.
edited May 12 '15, 10:51 a.m.
Hi Deivy

Is the default self signed certificate still on the Keystore. Once you have received the certificate, you have to replace the default certificate. Here is link on receiving the certificate.

http://www-01.ibm.com/support/knowledgecenter/SSEQTP_8.0.0/com.ibm.websphere.base.doc/info/aes/ae/tsec_sslreceiveCAcert.html

Once you import the certificate you have to replace the default with the CA certificate. Select the default certificate and click Replace, select the imported CA certificate and check the option to delete the old signers ...

Your answer


Register or to post your answer.