WebSphere Application Server & Liberty

  • 1.  regarding self signed certificates

    Posted Sun April 05, 2015 07:32 AM

    Hi,


    I have installed a standalone WAS 8.5 server. Here, by default, we have a root certificate (validity 15 years) signing the personal certificate.


    However, I do not want to use this default configuration. Instead, I wish to create a self-signed certificate and have this certificate implemented in WAS.


    So do I delete this default certificate from key.p12 and create a self-signed certificate using ikeyman?


    Please provide inputs.



    Thanks,


    Kushal



  • 2.  regarding self signed certificates

    Posted Wed April 08, 2015 05:20 AM
    Hi Kushal,

      What you want is a best practice, but take a backup of your cell before you start changing any certificate.

      You have an example from Brian Paskin here:
     
       www.ibm.com/developerworks/community/for...
       
        Hi, the certificate should be for a particular domain, like ibm.com.  

        This is only to secure the dmgr
        1. Create a new keystore
        SSL certificate and key management > Key stores and certificates > New
        
        2. Import certificate into new keystore
        SSL certificate and key management > Key stores and certificates > > Personal certificates
        
        3. Configure new SSL Configs
        SSL certificate and key management > SSL configurations > New...
        For keystore choose the new keystore and click "get certificate aliases"
        choose the correct cert for "Default server certificate alias"
        
        4. (optional) set Quality of protection (QoP) settings
        SSL certificate and key management > SSL configurations > Quality of protection (QoP) settings
        Change the protocol to something strong
        Remove cipher suites that are not wanted/needed
        
        5. Update the DMgr with the new cert
        SSL certificate and key management > Manage endpoint security configurations > Nodes > > servers > dmgr
        click "Override inherited values"
        select the new SSL config in SSL configuration
        and select the correct certificate
        
        6. Restart and the dmgr is now protected
        
      Another way:
     
      WebSphere Application Server V7.0 Security Guide
      www.redbooks.ibm.com/abstracts/sg247660....
     
      5.4.1 Changing default chained certificates
     
      5.3 Basic SSL administration
     
      Manually Replacing SSL Certificates in WebSphere Application Server V6.1 (although it is for WAS 6.1, it is valid for WAS 8.5)
      www-304.ibm.com/support/docview.wss?uid=...
     
     
      Hope this helps. Tell us if you need more support
     
    Regards
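
Added example, not part of the original thread and not IBM code: a Python check to run once the dmgr has been restarted in step 6. It confirms that the served certificate is the self-signed one, that it is issued for the expected domain, and that it is not close to expiry. The host name, port, PEM file name and sample certificate fields are constructed assumptions.

```python
import socket
import ssl

def fetch_cert(host, port, exported_pem):
    """Fetch the served certificate, trusting only the PEM exported from the new keystore."""
    ctx = ssl.create_default_context(cafile=exported_pem)  # system CAs are not loaded
    ctx.check_hostname = False  # names are checked in assess(); the pin still applies
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def matches(pattern, host):
    """Exact match, or a leading '*.' wildcard covering exactly one label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def assess(cert, host, now, min_days=30):
    """Return findings for a certificate in the ssl.getpeercert() dict layout."""
    findings, host = [], host.lower()
    if cert["subject"] != cert["issuer"]:
        findings.append("not self-signed: issuer differs from subject")
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    if days_left < min_days:
        findings.append("expires in %d days" % days_left)
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v.lower() for rdn in cert["subject"] for k, v in rdn if k == "commonName"]
    if not any(matches(p, host) for p in sans):
        if any(matches(p, host) for p in cns):
            findings.append("host matches CN only, no matching subjectAltName")
        else:
            findings.append("certificate is not for %s" % host)
    return findings

# Constructed sample: a chained certificate (issuer != subject) with a CN and no SAN.
SAMPLE_CHAINED = {
    "subject": ((("commonName", "dmgr.example.com"),),),
    "issuer": ((("commonName", "root.example.com"),),),
    "notAfter": "Apr  5 07:32:00 2016 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Apr  8 05:20:00 2015 GMT")

if __name__ == "__main__":
    # Against a live dmgr (hypothetical host, port and file name):
    #   cert = fetch_cert("dmgr.example.com", 9043, "new-dmgr-cert.pem")
    for finding in assess(SAMPLE_CHAINED, "dmgr.example.com", SAMPLE_NOW):
        print("FINDING:", finding)
```

An empty list from assess() means the endpoint serves a self-signed certificate whose subjectAltName covers the host and that has at least min_days of validity left.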


  • 3.  regarding self signed certificates

    Posted Fri April 10, 2015 10:17 AM
    Hi Gabrial,

    Do you have just a list of steps to configure the WebSphere ND 7.0 SSL setup? If you have, send me all kinds of SSL setup that we have in WAS 7.0. Thanks in advance.

    Thanks,
    Arindam Ghosh


  • 4.  regarding self signed certificates

    Posted Sat April 11, 2015 07:04 AM
    Hi Arindam,

      I'm not sure what you want to configure; anyway, take a look at the Redbook that I posted above (it is for WAS v7). There is a chapter about SSL configurations.
     
      Hope this helps. Tell us if you need more support.
     
    regards