Importing the WebSphere Application Server certificate into the IBM HTTP Server plug-in

This topic explains the necessary steps to import the public WebSphere® Application Server certificate into the IBM® HTTP Server plug-in.


  1. From the WebSphere Application Server Integrated Solution Console, click Security > SSL certificate and key management > Key stores and certificates.
  2. Select the NodeDefaultKeyStore check box and click its link to open it.
  3. Click Personal certificates, select the default check box, and then click Extract.
  4. Save the extracted file with a .arm extension and a meaningful name, for example, c:\temp\jts_appserver.arm. Make note of the location.
  5. Leave the encoding set to Base64, and then click OK.
  6. Copy the previously extracted .arm files to your HTTP Server directory:
    • On AIX®: /usr/IBM/HTTPServer/Plugins/config/webserver1
    • On Linux: /opt/IBM/HTTPServer/Plugins/config/webserver1
    • On Windows: C:\Program Files\IBM\HTTPServer\Plugins\config\webserver1
  7. Repeat the steps 1 through 6 for each WebSphere Application Server in your environment.
  8. Start the IKEYMAN graphical user interface to import the Application Server Signer certificates.
    1. On Linux or AIX: Navigate to the <HTTPServer_Install_Dir>/bin directory and type ikeyman at the command-line window.
    2. On Windows: Go to the start menu and select Start Key Management Utility.
  9. Click KeyDatabaseFile > Open, and select a key database type of CMS. Specify the plugin-key.kdb file as the file name, and specify the file path to the .kdb file. For example, enter C:\Program Files\IBM\HTTPServer\Plugins\config\webserver1\plugin-key.kdb.
  10. Click OK, and enter the password. The default password from WebSphere Application Server is WebAS (case sensitive).
  11. Click Personal Certificates > Signer Certificates, and then click Add.
  12. Browse for the file that you extracted in step 4 (jts_appserver.arm), select it, and then click OK.
  13. Enter a label name, and click OK.
  14. Repeat steps 11, 12, and 13 for each WebSphere Application Server certificate that you copied in step 6.
  15. Save and exit.
  16. Restart the IBM HTTP Server to apply the changes.