you must export the certificate from the chain into its own
certificate file:
1.
Double-click the server's certificate (i.e.
server.cer) file and a Certificate dialog box opens.
2.
Click Certification Path tab.
3.
Highlight an entry of the certificate chain.
4.
Click View Certificate.
5.
In the Certificate dialog window, click the
Details tab.
6.
Click Copy to File...
7.
In the Certificate Export Wizard that appears,
click Next.
Select Base-64 encoded X.509 (.CER), and
click Next.
Type in a unique
name for the certificate you are exporting and click Next. For example, "payment"
for VeriSign's intermediary certificate authority.
8.
Click Finish. Click OK in the dialog box that
displays the following message: The export was successful.
Finally, import the intermediary CA certificate into the
keystore by completing the following steps:
Process 1:-
Using below process sometime you will keep getting handshake exception. I
preffer to use process 2
1.
Using the Integrated Solutions Console,
1.1
click Security > SSL Certificate and key
management.
1.2
Click Key stores and certificates.
1.3
Click CellDefaultKeyStore.
1.4
Click Signer certificates.
1.5
Click Add.
1.6
In the
Alias field, type a short descriptive name for the certificate. For example,
"Verisign Intermediary CA."
1.7
In the File name field, type the path to the
certificate file of the intermediary CA. For example, C:\certs\ payment.cer.
1.8
Accept the default file data type.
1.9
Click Apply and Save.
Repeat the preceding steps for each intermediary CA that is
part of the certificate chain. In most cases, only one intermediary CA exists.
2.
process 2:-
2.1
On the Connections server, enter: cd
path_to_WebSphere/WebSphere/AppServer/java/jre/lib/security
2.2
Import
the certificate into the keystore. Enter:
keytool -import -alias KeyAlias -file
path_to_certificate_file -keystore cacerts -storepass changeit
Examples:
Windows:
C:\IBM\WebSphere\AppServer\java\jre\bin\keytool -import -alias ExchangeCert
-file C:\certs\ payment.cer -keystore cacerts -storepass changeit
Linux:
/opt/IBM/WebSphere/AppServer/java/jre/bin/keytool -import -alias ExchangeCert
-file /tmp/payment.cer -keystore cacerts -storepass changeit
Note: changeit is
the default password for cacerts
No comments:
Post a Comment