Join the Customer Advisory Board

 View Only
Expand all | Collapse all

Websphere 8.5.5.22 - import personal certificate from cer or pem file

  • 1.  Websphere 8.5.5.22 - import personal certificate from cer or pem file

    Posted Sat January 06, 2024 05:21 AM
    Edited by Michael Brown Sat January 06, 2024 05:51 AM

    Hi

    I would like to ask you very much for help. How can I import a certificate from a *.cer or *.pem file (I still have a file with the private key - key.txt) to keystore (PKCS12 format) because these are the only files I have. I've already tried using the WAS console and ikeyman and I can't do it. Please help.



    ------------------------------
    Michael Brown
    ------------------------------



  • 2.  RE: Websphere 8.5.5.22 - import personal certificate from cer or pem file

    Posted Thu January 18, 2024 02:34 PM

    Hello Michael,

    To import a personal certificate into a WebSphere Application Server 8.5.5.22 environment, you will need the certificate to be stored in format that WebSphere understands, like PKCS12 or JKS.  If you have the private part of the certificate in a different format like a key.txt and the public part in cert.pem files that you received through some other process then you will need to convert these to something that WebSphere Application Server can use in its import process, I suggest using a PKCS12 formatted file database.

    You could try the following openssl command:  (I don't have these types of files to try this to be sure, but from my research this looks like it will work)

    Assumptions: key.txt has the private part of your certificate, and cert.pem has the public part of your certificate, also assuming that your end certificate will be chained and that you have the necessary signers available in PEM or DER format to be added into the signers section of the keystore after importing the private part into a WebSphere Application Server keystore.

    openssl pkcs12 -export inkey key.txt -in cert.pem -out import.p12 -name mycert

    enter the same password when prompted (and remember it!)

    This should take the key.txt, cert.pem and create a file called import.p12 with your certificate in it with and alias/label of mycert protected with the password you specified.  Then follow the steps from the product documentation on how to do the import:

    Import certificate from a key file or managed keystore
    https://www.ibm.com/docs/en/was/8.5.5?topic=rcibca-import-certificate-from-key-file-managed-keystore

    Regards, Bill Holtzhauser 

    References: 
    https://www.ibm.com/docs/en/was/8.5.5
    https://www.youtube.com/playlist?list=PL_4RxtD-BL5sSmhg6a6CNYCcKHEbBb2SS
    https://www.ibm.com/support/pages/getting-cwpki0662e-error-when-attempting-add-ca-signed-certificate



    ------------------------------
    Bill Holtzhauser
    ------------------------------

    Original Message


  • 3.  RE: Websphere 8.5.5.22 - import personal certificate from cer or pem file

    Posted Fri March 01, 2024 02:20 PM

    Bills answer is correct and I hope You got this problem solved already.

    An "easier" GUI for beginners is for example Keystore explorer, where you have a graphic GUI to work in.

    You can do everything you need with this tool, add private key/public keys to existing keystores, alter the certificate chain, change format of the keystore and alot more with "clicks" instead of command line.

    But i hope you've already got this under control thanks to Bills answer.



    ------------------------------
    Petter Åberg
    Sudsvall
    na
    ------------------------------

    Original Message