WebSphere And Tivoli Tricks: configuring SSL with Webserver to Appserver

Wednesday, April 20, 2011

configuring SSL with Webserver to Appserver

Extract the default Personal Certificate
1. Log in to the WebSphere Application Server Administrative Console
2. Select Security > SSL certificate and key management > Key Stores and certificates
3. Select NodeDefaultKeyStore for a stand-alone deployment or
CellDefaultKeyStore for a network deployment.
4. Click Personal Certificates, select the default check box, and then click Extract.
5. Give the extracted file a path and name, such as: /root/defaultCert.ARM.
Note: The convention is to give the file a .ARM extension.
6. Leave encoding set to Base64.
7. Click OK.


Locate your *.kdb file
1. In the httpd.conf file, find the directory in which the plugin-cfg.xml file is
stored by searching for the WebSpherePluginConfig line. It should look something like this:
WebSpherePluginConfig "/opt/IBM/HTTPServer/Plugins1/config/webserver1/plugin-cfg.xml"
2. Find the directory in which the key database file (*.kdb) is stored by searching
for the term "keyring" in the plugin-cfg.xml file. For example:
<Property Name="keyring" Value="/opt/IBM/HTTPServer/Plugins1/config/webserver1/plugin-key.kdb"/>
Note this location as you will need to use it later.
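
The two lookups above can be scripted. The following is an added example, not part of the original post; the function names and the sample files it writes are constructed for illustration, and it assumes the directive and the property appear in the form shown in the steps.

```shell
#!/bin/sh
# Added example (not from the original post): resolve the plugin key database
# from httpd.conf using the same two lookups as the steps above.

# Print the plugin-cfg.xml path from the WebSpherePluginConfig directive.
# Commented-out lines are ignored; if several remain, the last one is reported
# (an assumption of this example). Paths containing spaces are not handled.
plugin_cfg_path() {
    awk '$1 == "WebSpherePluginConfig" { gsub(/"/, "", $2); p = $2 }
         END { if (p != "") print p }' "$1"
}

# Print each distinct keyring Value found in a plugin-cfg.xml.
keyring_paths() {
    sed -n 's/.*<Property[[:space:]][[:space:]]*Name="keyring"[[:space:]][[:space:]]*Value="\([^"]*\)".*/\1/p' "$1" | sort -u
}

# httpd.conf -> plugin-cfg.xml -> *.kdb, failing loudly at the first missing link.
find_plugin_kdb() {
    cfg=$(plugin_cfg_path "$1")
    [ -n "$cfg" ] || { echo "no WebSpherePluginConfig line in $1" >&2; return 1; }
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
    kdb=$(keyring_paths "$cfg")
    [ -n "$kdb" ] || { echo "no keyring property in $cfg" >&2; return 1; }
    printf '%s\n' "$kdb"
}

# Write constructed sample files (not from a real server) into directory $1.
make_sample() {
    cat > "$1/httpd.conf" <<EOF
#WebSpherePluginConfig "/old/location/plugin-cfg.xml"
WebSpherePluginConfig "$1/plugin-cfg.xml"
EOF
    cat > "$1/plugin-cfg.xml" <<'EOF'
<Config>
  <Transport Hostname="localhost" Port="9443" Protocol="https">
    <Property Name="keyring" Value="/opt/IBM/HTTPServer/Plugins1/config/webserver1/plugin-key.kdb"/>
    <Property Name="stashfile" Value="/opt/IBM/HTTPServer/Plugins1/config/webserver1/plugin-key.sth"/>
  </Transport>
</Config>
EOF
}

# Stand-alone run: use the httpd.conf given as $1, else the constructed sample.
conf=${1:-}
if [ ! -r "$conf" ]; then
    tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT; make_sample "$tmp"; conf=$tmp/httpd.conf
fi
find_plugin_kdb "$conf"
```

If more than one path is printed, the transports reference different key databases and each one needs the signer certificate added.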


Add the extracted certificate to your key database file
1. Go to the directory for ikeyman and start it:
cd /opt/IBM/HTTPServer/bin
./ikeyman
2. Click Key Database File > Open, and then select a key database type of CMS.
3. Specify the filename and location you found above. For example: plugin-key.kdb and
/opt/IBM/HTTPServer/Plugins1/config/webserver1/plugin-key.kdb
4. Click OK, and then enter the password. Note: If you have not given this file another password,
the default password from WebSphere Application Server is WebAS (case sensitive).
5. Click the Personal Certificates drop-down and then select Signer Certificates.
6. Click Add.
7. Browse to the *.ARM file you extracted, select it, click Open, and then click OK. Supply a name if prompted.
8. Select Key Database File > Save As and save to the original location.
9. Select Key Database File > Exit.
10. Restart the IBM HTTP Server.

2 comments:

  1. Hi,

    Thanks for your post.

    I am finding problems trying to follow all the steps... I do not see any option to import the *.ARM file I previously extracted...

    In fact, I do not have a "Personal Certificated drop down" option, instead, I have a general "import" option, but that import option only allows me to import CMS, JKS, JCEKS, PKCS12 or PKC11 Direct files...

    I am using a recent release of ikeyman (8.0.373) under a linux machine, so I do not understand very well what I am doing wrong..

    Could you please help me or give me any hint / workaround ?

    Thanks!