It's all about the answers!

Ask a question

Can we secure the Jazz team server with 3rd party SSL certificates


James Sullivan (151439) | asked Jul 15 '15, 7:00 p.m.
Can we secure the Jazz team server with 3rd party SSL certificates

One answer



permanent link
Kevin Ramer (4.5k8183200) | answered Jul 16 '15, 1:49 p.m.
Yes, it is possible ( recommended even ).   Both Tomcat and WebSphere can use P12 format keystores.    You'll need to create a keystore (or use your existing keystore) and from that create your certificate request and cart it off to the Certificate Authority. 

With Tomcat you'll likely have to manage the keystore with IKeyMan ( should be with the JRE ) to do your certificate request and to receive your CA certificate.   WebSphere can all be done under Security / SSL keystores and certificates / Keystores and Certificates / NodeDefaultKeystore. 

Once received you'll need to configure the J2ee server to use your certificate.  For Tomcat edit the server.xml where you have the Connector for the SSL.  You will need to add/update this:

keyAlias="your_key_name" keystoreFile="your_key_file"

The keystoreFile may already be present, but keyAlias may not.    You'll have to bounce Tomcat to get it into effect.

For WebSphere  Security / SSL Keystores and Certificates / SSL Configurations / NodeDefaultSettings   You will see a pulldown for the "Default server certificate alias".  Choose your new certificate from that pulldown and save the configuration.  WebSphere is configured by default to dynamically update SSL environment.



Comments
Kevin Ramer commented Jul 17 '15, 8:29 a.m.

A couple of links for guidance: 

WebSphere

Apache Tomcat


Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.