certificate not trusted by Websphere

谎友^ 2021-01-12 02:58

I have a web application that calls a SOAP Web service secured via SSL (https://zzzzzzzzzzzz/xxxxx).

The server sends two certificates (Root and Leaf) s

6 answers
  •  独厮守ぢ
    2021-01-12 03:42

    Here are the steps to import a certificate to the JVM for a HTTPS WS call:

    A) Obtain the Certificate to be Imported

    1. Each browser displays certificates in different ways, but they are usually quite similar. On the browser's URL bar, there is usually a zone that you can click on to display SSL certificate information. For example, you may see a padlock in the status bar, and clicking on the padlock opens the certificate information. Once the certificate information is open, click on the "Certification Path" information. There normally will be a way to export each of the signing certificates (trusted roots). Export the certifiers in the "Base-64 encoded X.509 (.CER)" format. The exported file in this format will be an ASCII text file that has "BEGIN CERTIFICATE" and "END CERTIFICATE" lines at the top and bottom. Once you have exported the certificates that signed the remote server's SSL certificate you can then import them into the JVM.

    B) Import the certificate

    1. Start the ikeyman utility. The utility (ikeyman.bat or ikeyman.sh) is in the WAS_HOME\bin.
    2. From the Key Database File menu, select Open.
    3. In the key database type, select JKS.
    4. In the File Name field, type cacerts.
    5. In the Location field, type WAS_HOME\java\jre\lib\security.
    6. In the Password Prompt window, type the password for the keystore in the Password and Confirm Password window. The default password is changeit. Click OK.
    7. Add the certificate you created for the LDAP server into this certificate store.
    8. In the main window, in the Key database content area, select Signer Certificates from the list. Click Add.
    9. In the Certificate file name field, browse and locate the server certificate file that was created for the LDAP server, which is in Binary Der data. Verify that the appropriate directory is displayed in the Location field. Click OK.
    10. In the prompt, type a label for this certificate. For example, type LDAPCA. Click OK.
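
A check to run on the exported files before adding them as signers, as an added example that is not part of the original answer: it reports whether a file is the Base-64 (BEGIN/END CERTIFICATE) or binary DER encoding and computes each certificate's SHA-256 fingerprint, to compare with the one the browser shows. The function names and the sample bytes are assumptions made for this example.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def read_certificates(data: bytes):
    """Return (encoding, [DER bytes, ...]) for an exported certificate file.

    encoding is "base64" for the ASCII export with BEGIN/END CERTIFICATE
    lines and "der" for a binary file.
    """
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        # validate=True rejects stray characters instead of skipping them
        ders = [base64.b64decode(b"".join(b.split()), validate=True) for b in blocks]
        encoding = "base64"
    else:
        ders, encoding = [data], "der"
    for der in ders:
        # An X.509 certificate is an ASN.1 SEQUENCE, so its DER starts with 0x30
        if not der.startswith(b"\x30"):
            raise ValueError("not a DER-encoded certificate")
    return encoding, ders


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of the DER bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in BEGIN/END CERTIFICATE lines (used for the sample)."""
    body = base64.encodebytes(der)  # newline-terminated Base-64 lines
    return b"-----BEGIN CERTIFICATE-----\n" + body + b"-----END CERTIFICATE-----\n"


# Constructed placeholder bytes, NOT real certificates: only the leading
# 0x30 tag is realistic. Read the files exported in step A instead.
SAMPLE_ROOT = b"\x30\x0a" + b"ROOT-CERT!"
SAMPLE_LEAF = b"\x30\x0a" + b"LEAF-CERT!"

if __name__ == "__main__":
    encoding, certs = read_certificates(to_pem(SAMPLE_ROOT) + to_pem(SAMPLE_LEAF))
    print("encoding:", encoding)
    for der in certs:
        print(sha256_fingerprint(der))
```

The fingerprint is taken over the DER bytes, so the Base-64 and binary exports of the same certificate give the same value.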
