It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Follow this question
Question details

×7,382
×4,288
×2,338
×36
×18

question asked: Jan 18 '17, 10:31 p.m.
question was seen: 2,712 times
last updated: Jan 19 '17, 11:25 p.m.

Related questions

FAQ - How this Forum works

Installing certificate chain on Jazz Team Server

0
Robert Wen (690412) | asked Jan 18 '17, 10:31 p.m.

 I've been given a certificate chain (root-intermediate-server) by a client for installation onto the Jazz Team Server v6.0.2.  Can anyone give steps to properly add this chain including which of these certificates go into cacerts?  Or is it a case where I need the private key to properly bundle the three certificates together into a .p12 for keytool to import as a keystore?


Thanks in advance!

One answer

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Shradha Srivastav (348313) | answered Jan 19 '17, 8:48 a.m.

Hi Robert,

You can refer the below links to import the certificates

For WAS
http://www.ibm.com/developerworks/rational/library/configure-security-rational-team-concert/index.html?ca=dat

For Tomcat
http://www-01.ibm.com/support/docview.wss?uid=swg21442170

Comments
Robert Wen commented Jan 19 '17, 12:55 p.m.

OK, so to elaborate (or ask further questions):


For a 6.0.2 CLM  setup that uses the bundled WebSphere Liberty, I would look at the Tomcat support document.

If I do that, I would create a blank keystore and create a dummy CSR request to the company's CA (that would never get a reply).  I take the certificates and mark the root and intermediate as Signer Certificates and add into the keystore.  I then add the server certificate to the keystore.  Once added, I point the server to the new keystore.

But wouldn't the private key embedded in the certificate chain not match the CSR private key?

Lily Wang commented Jan 19 '17, 11:25 p.m.

You do not need to create a dummy CSR request. You only need to:
- import root and intermediate certificate into "Signer Certificates"
- import the private key and personal certificate into "Personal Certificates"

You can also refer to Donald Nong's anser in post https://jazz.net/forum/questions/224660/how-to-install-ca-cert-to-liberty

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.