Exchanging SSL Signer Certificates from Client's Keystore to the IOS Server's Truststore

Note: If the value of the IOS server’s Client Certificate authentication on CSIv2 inbound communications is set to SSL-required, the following steps are required.
  1. Stop all the servers and nodes on the IOS server's side.
  2. Start all the servers and nodes on the client's side.
  3. Navigate to Security > SSL certificate and key management > Key stores and certificates > select the truststore of the selected SSL Configuration > Signer Certificates > Retrieve from port.
  4. Provide the following details:
    Entry Value
    Host Use the IOS server’s URL or IP address.
    Port The value of this field depends on the value of the IOS server’s Client Certificate authentication on CSIv2 inbound communications.
    Host Provide a name for the signer certificate.

    Refer to the table below for the Client Certificate authentication information:

    Client Certificate authentication Port Value
    Never CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS
    Supported CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS or CSIV2_SSL_ MUTUALAUTH _LISTENER_ADDRESS
    Required CSIV2_SSL_ MUTUALAUTH _LISTENER_ADDRESS

    To obtain the port values, navigate to Servers > Websphere application servers > Click the server > Communications > expand Ports.

  5. Click Retrieve signer information.
  6. Click OK and save the changes to master configuration.