Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Installing certificate chain on Jazz Team Server

Questions
Tags
Users
Badges
Robert Wen
(690412) Jan 18 '17, 10:31 p.m.

 I've been given a certificate chain (root-intermediate-server) by a client for installation onto the Jazz Team Server v6.0.2.  Can anyone give steps to properly add this chain including which of these certificates go into cacerts?  Or is it a case where I need the private key to properly bundle the three certificates together into a .p12 for keytool to import as a keystore?


Thanks in advance!

0 votes

1 answer
3,305 views
0 votes

One answer

Permanent link
Shradha Srivastav
(348413) Jan 19 '17, 8:48 a.m.

Hi Robert,

You can refer the below links to import the certificates

For WAS
http://www.ibm.com/developerworks/rational/library/configure-security-rational-team-concert/index.html?ca=dat

For Tomcat
http://www-01.ibm.com/support/docview.wss?uid=swg21442170

0 votes

Comments
Robert Wen
Jan 19 '17, 12:55 p.m.

OK, so to elaborate (or ask further questions):


For a 6.0.2 CLM  setup that uses the bundled WebSphere Liberty, I would look at the Tomcat support document.

If I do that, I would create a blank keystore and create a dummy CSR request to the company's CA (that would never get a reply).  I take the certificates and mark the root and intermediate as Signer Certificates and add into the keystore.  I then add the server certificate to the keystore.  Once added, I point the server to the new keystore.

But wouldn't the private key embedded in the certificate chain not match the CSR private key?

Lily Wang
Jan 19 '17, 11:25 p.m.

You do not need to create a dummy CSR request. You only need to:
- import root and intermediate certificate into "Signer Certificates"
- import the private key and personal certificate into "Personal Certificates"

You can also refer to Donald Nong's anser in post https://jazz.net/forum/questions/224660/how-to-install-ca-cert-to-liberty

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 7,495
× 2,357
× 36

Question asked: Jan 18 '17, 10:31 p.m.

Question was seen: 3,305 times

Last updated: Jan 19 '17, 11:25 p.m.

Confirmation Cancel Confirm