This article is the third in a three-part series on configuring Secure Sockets Layer (SSL) for IBM WebSphere 6.0x. In Part 1, I walked you through the process of creating a key database file and certificates. In Part 2, I covered the process of enabling SSL itself. Here in Part 3, I will show you how to enable the client to trust the server's SSL certificate.

Note: This document was created for WebSphere 6.0.x.x, but the steps to enable SSL on WebSphere 5.1.x are virtually identical. There are some UI changes between version 5.1.x and 6.0.x in WebSphere, but this guide should enable you to configure SSL on WebSphere version 5.1.x as well.

Requirements

In order to make the most of this article, you need the following software and files:

Microsoft Windows Server 2003 Enterprise Edition

• Learn more

IBM WebSphere

• Learn more

Prerequisite knowledge

• General understanding digital certificate technology
• Understanding of the purpose of SSL
• General knowledge of the WebSphere Administration User Interface

Getting the server certificate

Once Secure Sockets Layer (SSL) has been enabled on the WebSphere server, the client system(s) that will be used to access the server over SSL must be configured to trust it. This involves importing the server's certificate into the Windows Certificate Store.

1. Locate the .arm file that you exported from the server's SSL credentials (.jks file).

   Note: An .arm file is the equivalent of a .cer file (Public Key portion of a PKI credential). For the purposes of this tutorial, use serverSSL-credentials.arm, which is located at C:\Program Files\IBM\WebSphere\AppServer\profiles\default\etc.

2. Copy the file to the desktop.
3. Rename the file to serverSSL-credentials.cer.

4. Double-click the serverSSL-credentials.cer file. You will be presented with a Certificate dialog box (see Figure 1).

   

   Figure 1. Double-clicking the serverSSL-credentials.cer file opens the Certificate dialog box.

5. Click the Install Certificate button. The Certificate Import Wizard will launch (see Figure 2).

   

   Figure 2. The Certificate Import Wizard is launched.

6. Click Next.

7. Select the "Automatically select the certificate store based on the type of certificate"option (see Figure 3).

   

   Figure 3. The wizard prompts you to select the location for your certificate store.

8. Click Next. You're now ready to complete the Certificate Import Wizard (see Figure 4).

   

   Figure 4. Click Finish to complete the Certificate Import Wizard.

9. Click Finish. You will be presented with a Security Warning (see Figure 5).

   

   Figure 5. When you click Finish, Windows will warn you of the risk of installing certificates.

10. Click Yes. The import will be confirmed (see Figure 6).

    

    Figure 6. The final message box confirms that the certificate was installed.

11. Click OK.

Testing the SSL implementation

Once WebSphere has been restarted, you can test if SSL is functioning by attempting to access the Administrative Console over HTTPS. Enter the following URL in a web browser:

https://yourservername:9043/ibm/console/secure/login.do

If SSL is configured properly, the Administrative Console will be displayed. If you receive a "Security Warning" dialog box, please refer to Part 1 for the probable reasons.

Where to go from here

You're done! You've successfully enabled your client to trust the WebSphere server's certificate. This completes the process of configuring SSL on IBM WebSphere 6.0x.

You can get more information about SSL in WebSphere from IBM:

• IBM WebSphere 6.0x Online Manual, Secure Sockets Layer

About the author