Exchange SSL Signer Certificates on WebSphere

This procedure can be performed either by retrieving the certificates from a port or by transferring them manually with the IBM Key Manager.

Exchange SSL signer certificates in a WebSphere-to-WebSphere setup

  1. Transfer the signer certificates of the IOS server’s keystore to the client’s truststore. Start the node and the server on the IOS server side.
  2. On the client's administrative console, navigate to Security > SSL certificate and key management > Key stores and certificates > select the truststore of the selected SSL Configuration > Signer Certificates > Retrieve from port.
  3. Provide the following details:
    Name    Value
    Host    Set it to the IOS server’s URL or IP address
    Port    The value of this field depends on the value of the IOS server’s Client Certificate authentication on CSIv2 inbound communications (see the table below)
    Alias   Provide a name for the signer certificate.

    Note: To obtain the port values, navigate to Servers > WebSphere application servers > Click the server > Communications > expand Ports.

    Client Certificate authentication    Value
    Never                                CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS
    Supported                            CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS or CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS
    Required                             CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS
  4. Click Retrieve signer information.

    The signer certificate information of the server will appear.

  5. Click OK and save the changes to master configuration.
    Note: If the value of the IOS server’s Client Certificate authentication on CSIv2 inbound communications is set to SSL-required, then perform the following steps:
  6. Stop all the servers and nodes on the IOS server side. Start the node and the server on the client side.
  7. Go to the truststore of the selected SSL configuration by navigating to Security > SSL certificate and key management > Key stores and certificates > select the truststore of the selected SSL Configuration > Signer Certificates > Retrieve from port.
  8. Provide the following details:
    Name    Value
    Host    Set it to the IOS server’s URL or IP address
    Port    The value of this field depends on the value of the IOS server’s Client Certificate authentication on CSIv2 inbound communications (see the table below)
    Alias   Provide a name for the signer certificate.

    Note: To obtain the port values, navigate to Servers > WebSphere application servers > Click the server > Communications > expand Ports.

    Client Certificate authentication    Value
    Never                                CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS
    Supported                            CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS or CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS
    Required                             CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS
  9. Click Retrieve signer information.
  10. Save the changes to master configuration.
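
A check to run after "Retrieve signer information" and before saving, as an added example that is not part of the original documentation: "Retrieve from port" trusts whatever answers on that host and port, so this compares the fingerprint shown in the retrieved signer information with one computed from a certificate file exported from the other side's keystore and delivered out of band. It assumes the displayed information includes a SHA-1 or SHA-256 digest; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl

# Hex length of the displayed digest -> hash algorithm (assumed: SHA-1 or SHA-256).
_ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def normalize_fingerprint(text):
    """Reduce 'AB:cd ef' style fingerprints to bare upper-case hex."""
    hexdigits = "".join(ch for ch in text if ch not in ": \t-").upper()
    if not hexdigits or any(ch not in "0123456789ABCDEF" for ch in hexdigits):
        raise ValueError("fingerprint is not hexadecimal: %r" % text)
    return hexdigits


def cert_fingerprint(pem_text, algorithm="sha256"):
    """Return the colon-separated digest over the certificate's DER encoding."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def signer_matches(pem_text, displayed_fingerprint):
    """True only if the displayed fingerprint matches the exported PEM file."""
    shown = normalize_fingerprint(displayed_fingerprint)
    algorithm = _ALGO_BY_HEX_LEN.get(len(shown))
    if algorithm is None:
        raise ValueError("unexpected fingerprint length: %d" % len(shown))
    expected = normalize_fingerprint(cert_fingerprint(pem_text, algorithm))
    return hmac.compare_digest(expected, shown)


# Constructed sample: arbitrary bytes standing in for an exported signer
# certificate (not a real certificate; only the digest handling is shown).
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    # Pretend the console displayed the SHA-1 digest in lower case.
    displayed = cert_fingerprint(SAMPLE_PEM, "sha1").lower()
    print("match" if signer_matches(SAMPLE_PEM, displayed) else "MISMATCH")
```

If the result is a mismatch, do not click OK: the certificate offered on the port is not the one exported from the keystore.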