Thursday, 2 July 2015

SSL Certificate installation

The SSL certificate discussed here is a self-signed certificate that is installed on the client machine and used when establishing a secure connection and exchanging data with a third-party vendor. In WebSphere Commerce, SSL certificates are managed from the WAS admin console.

The WAS admin console provides options for:
1. Installing a signer certificate.
2. Installing a personal certificate.
3. Certificate expiry monitoring.
4. Deleting / replacing expired certificates.

A WebSphere Commerce server environment can be either clustered (federated) or non-clustered, and any number of certificates can be installed in both of these server types.

The steps below show how to install an SSL certificate through the WAS admin console.
Before modifying anything in the WAS admin console, be sure to take a backup of the config folder. The config folder can be found in the WCS installation folder, for example: C:\IBM\WebSphere\CommerceServer70\config
Before beginning the certificate installation in the WAS admin console, first check that the SSL settings are configured properly.
1. Go to Security -> SSL Certificate and Key Management -> Manage endpoint security configurations.

2. Select the particular node / cell in the outbound configurations, based on the clustering.

3. Make sure no certificate alias name is selected in the Specific SSL configurations; it should be “none”. (Otherwise only the certificate with the selected alias will work in the server; other installed certificates will not work.)

4. Then go to Security -> SSL Certificate and Key Management -> SSL Configurations and select the NodeDefaultSSLSettings that was chosen in step 3.

5. In General Properties for NodeDefaultSSLSettings, make sure that ‘Default server certificate alias’ and ‘Default client certificate alias’ are set to “None”. (Otherwise only the certificate with the selected alias will work in the server; the other certificates will not work.)

6. The rest of the procedure is the same as for any SSL certificate installation. For example:
  1. CellDefaultTrustStore -> Signer certificates -> Retrieve from port -> give the hostname and port number (the default port number is 443) -> Save.
  2. NodeDefaultTrustStore -> Signer certificates -> Retrieve from port -> give the hostname and port number (the default port number is 443) -> Save.
  3. CellDefaultKeyStore -> Personal certificates -> Import certificates -> Get key file alias -> give the path of the signer certificate from the server, e.g. C:\Users\..\Desktop\certificateName.pfx -> Save. The key file name should be the file name including the path where it is placed.
  4. NodeDefaultKeyStore -> Personal certificates -> Import certificates -> Get key file alias, e.g. C:\Users\..\Desktop\certificateName.pfx. Key file password: the password for the signer certificate -> Save.
  5. SSL Certificate and Key Management -> Dynamic outbound endpoint SSL configurations -> New -> NodeDefaultConfig
    https, https://... ,443 -> Add -> Save
    Basically, the entry should be in the form “https, hostname, 443” (443 is the default port).

Note: If you already have a NodeDefaultConfig entry in your WAS server, you can use a different name such as NodeDefaultConfig1.

Then restart the server.
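"Retrieve from port" stores whatever certificate the host presents at that moment, so it helps to compare that certificate's fingerprint with the value the vendor supplied through a separate channel before saving it as a signer. The following is an added example, not part of the original post or of WebSphere; the host name `vendor.example` and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_bytes, algorithm="sha256"):
    """Fingerprint of a DER certificate as AA:BB:... (sha1, sha256, ...)."""
    digest = hashlib.new(algorithm, der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(text):
    """Drop separators and case so a pasted fingerprint compares reliably."""
    return "".join(c for c in text if c not in ": -\t").lower()


def matches_expected(der_bytes, expected, algorithm="sha256"):
    """True if the certificate matches the fingerprint the vendor supplied."""
    actual = normalize(fingerprint(der_bytes, algorithm)).encode()
    return hmac.compare_digest(actual, normalize(expected).encode())


def fetch_presented_cert(host, port=443, timeout=10):
    """Return the leaf certificate (DER) the endpoint presents.

    Chain verification is off on purpose: this only reads what the host
    sends, and the trust decision is the fingerprint comparison.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_endpoint(host, expected, port=443, algorithm="sha256"):
    """Return (ok, fingerprint) for the certificate served at host:port."""
    der = fetch_presented_cert(host, port)
    return matches_expected(der, expected, algorithm), fingerprint(der, algorithm)


if __name__ == "__main__":
    # Constructed stand-in bytes so this runs offline. A real run would be
    # check_endpoint("vendor.example", "<fingerprint from the vendor>").
    sample = b"constructed sample certificate bytes"
    print(fingerprint(sample), matches_expected(sample, fingerprint(sample)))
```

Pass `algorithm="sha1"` when the fingerprint you are comparing against was published as a SHA-1 digest.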

