Wednesday, September 20, 2017

Importing SSL certificates

You must export the certificate from the chain into its own certificate file:
1.       Double-click the server's certificate (i.e. server.cer) file and a Certificate dialog box opens.
2.       Click Certification Path tab.
3.       Highlight an entry of the certificate chain.
4.       Click View Certificate.
5.       In the Certificate dialog window, click the Details tab.
6.       Click Copy to File...
7.       In the Certificate Export Wizard that appears, click Next.
7.1   Select Base-64 encoded X.509 (.CER), and click Next.
7.2   Type in a unique name for the certificate you are exporting and click Next. For example, "payment" for VeriSign's intermediary certificate authority.
8.       Click Finish. Click OK in the dialog box that displays the following message: The export was successful.
Finally, import the intermediary CA certificate into the keystore by completing the following steps:
Process 1: Using the process below, you will sometimes keep getting a handshake exception. I prefer to use process 2.
1.       Using the Integrated Solutions Console,
1.1   click Security > SSL Certificate and key management.
1.2   Click Key stores and certificates.
1.3   Click CellDefaultKeyStore.
1.4   Click Signer certificates.
1.5   Click Add.
1.6    In the Alias field, type a short descriptive name for the certificate. For example, "Verisign Intermediary CA."
1.7   In the File name field, type the path to the certificate file of the intermediary CA. For example, C:\certs\payment.cer.
1.8   Accept the default file data type.
1.9   Click Apply and Save.
Repeat the preceding steps for each intermediary CA that is part of the certificate chain. In most cases, only one intermediary CA exists.

2.       Process 2:
2.1   On the Connections server, enter: cd path_to_WebSphere/WebSphere/AppServer/java/jre/lib/security
2.2    Import the certificate into the keystore. Enter:
keytool -import -alias KeyAlias -file path_to_certificate_file -keystore cacerts -storepass changeit
Examples:
Windows: C:\IBM\WebSphere\AppServer\java\jre\bin\keytool -import -alias ExchangeCert -file C:\certs\payment.cer -keystore cacerts -storepass changeit
Linux: /opt/IBM/WebSphere/AppServer/java/jre/bin/keytool -import -alias ExchangeCert -file /tmp/payment.cer -keystore cacerts -storepass changeit


Note: changeit is the default password for cacerts
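
A wrapper around the process 2 keytool command, added here as an example and not part of the original post: it checks that the exported file is a single Base-64 certificate, refuses to reuse an existing alias, and lists the new entry afterwards. The helper names check_cer and import_signer are hypothetical, and keytool is assumed to be on the PATH.

```sh
#!/bin/sh
# Added example; check_cer and import_signer are hypothetical helper names.

# check_cer FILE
# Succeeds only if FILE is a Base-64 (PEM) export holding exactly one
# certificate, which is what the export wizard steps above produce.
check_cer() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$1" || true)
    if [ "$begins" -eq 0 ]; then
        echo "$1: no Base-64 header (DER export?)" >&2; return 1
    fi
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "$1: expected one certificate, found $begins" >&2; return 1
    fi
}

# import_signer ALIAS FILE KEYSTORE [STOREPASS]
# STOREPASS defaults to changeit, the cacerts default noted above.
import_signer() {
    alias_name=$1 cer=$2 ks=$3 pass=${4:-changeit}
    check_cer "$cer" || return 1

    # keytool -list exits non-zero when the alias is absent; if it is
    # present, stop rather than collide with an existing trust entry.
    if keytool -list -alias "$alias_name" -keystore "$ks" \
            -storepass "$pass" >/dev/null 2>&1; then
        echo "alias $alias_name already present in $ks" >&2; return 3
    fi

    # -noprompt is deliberately omitted: keytool prints the owner, issuer
    # and fingerprints and asks before adding the certificate as trusted.
    keytool -import -alias "$alias_name" -file "$cer" \
        -keystore "$ks" -storepass "$pass" || return 4

    # Show the stored entry so the fingerprint can be compared with the
    # one in the Certificate dialog's Details tab.
    keytool -list -v -alias "$alias_name" -keystore "$ks" -storepass "$pass"
}

# Usage, from the lib/security directory as in step 2.1:
#   import_signer ExchangeCert /tmp/payment.cer cacerts
```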