Solved

SSL on WebSphere 5.1.2  [iSeries AS/400 machine]

Posted on 2006-10-25
Last Modified: 2013-12-10
Everyone,

> I am attempting to create a Trust Certificate for client app server's application, calling my WebService over port 9443.
https://someWAS:9443/myClientApp/service/myAppService?wsdl;

> Using iKeyMan, I created a JKS file (not the Dummy Server or client file set) and assigned it to my Container & restarted.  In this JKS I created a personally signed certificate and exported it to a *.arm(?) file.
> Port 9443 is enabled and specified as SSL on the server.
- SSLv3, IBMJSSA

> On my client app server (also WebSphere - development IDE environment) I created a DEV Key and DEV trust file.  I imported the Certification I exported in the above step.  I then ran my client over HTTPS port 9043, calling my WebService.

> Initially I got a "SocketServerReset" exception.  Then Firefox began complaining my decryption scheme on the server was not working with Mozilla.

So here I am trying to establish a trusted SSL connection and unable to.
I do not have a WebSphere admin to work with, nor a WAS expert in house.  I am ramping up as quickly as possible on these admin issues.

Can someone fill in the gaps for me?  Lead me off this "wrong" path and point me in the correct direction?

I have read a multitude of blogs, IBM redbooks, Google articles etc. and nothing seems to connect the dots.


Thank you very much.

Question by:fshtank

Accepted Solution

by:
HonorGod earned 450 total points
ID: 17807322
Technote: Creating Custom Secure Socket Layer (SSL) Key Files for V5.0 using Self-Signed Certificates (GSK 5).
URL: http://IBM.com/support/docview.wss?uid=swg21154255

1. You want to "extract", not "export" the certificate.
    Export will put both the private and public portions of the certificate into the specified file.
    Extract will only put the public portion into the file.  This is what you want.

2. Add the public portion of the certificate to your web server, and "development" websphere key files.

  Unfortunately, the Technote (specified above) doesn't explain the difference between "ServerKey" files, and "Server Trust" files.

  A "Server Key" file is supposed to be where very secure (private certificate) information is to reside.
  A "Trust" file is supposed to contain "public key" certificate information.

So:
    - the Server Key File should contain the private certificate for your application server
    - the Server Trust File should contain the public keys of the "trusted/known" remote servers (e.g., your web
      server and your development server)
    - the Plugin Key file should contain the certificate used by the HTTP server (both public and private portions)
      as well as the public keys of the app servers with which it will communicate.
    - the client key file should contain the private key for any client applications that will be executing on this machine
    - the client trust file should contain the public keys for the partners with which the client application will be
      communicating

  Hope this helps
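
Added example, not part of HonorGod's answer or of any IBM tooling: a heuristic check that tells an "extracted" public certificate apart from an "exported" key container before the file is handed to a partner or imported into a trust file. It assumes the extracted `.arm` file uses Base64 `BEGIN CERTIFICATE` armor; the function names and the sample byte strings are constructed for illustration.

```python
import re

# PEM armor labels that mean private key material is present.
PRIVATE_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
                  "DSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
KEYSTORE_MAGIC = (b"\xfe\xed\xfe\xed", b"\xce\xce\xce\xce")  # JKS, JCEKS


def der_enter(data):
    """Return the bytes inside a leading DER SEQUENCE header, or None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                  # short-form length
        return data[2:]
    n = data[1] & 0x7F                  # long form: n length octets follow
    return data[2 + n:] if 0 < n <= 4 else None


def classify(data):
    """Heuristic: return (kind, public_only) for a file's raw bytes."""
    labels = {m.decode() for m in PEM_BEGIN.findall(data)}
    if labels & PRIVATE_LABELS:
        return ("pem-with-private-key", False)
    if labels:
        return ("pem-certificate", True) if labels == {"CERTIFICATE"} \
            else ("pem-other", False)
    if data[:4] in KEYSTORE_MAGIC:
        return ("java-keystore", False)
    inner = der_enter(data)
    if inner is not None:
        if inner[:3] == b"\x02\x01\x03":          # PFX version INTEGER 3
            return ("pkcs12", False)
        tbs = der_enter(inner)                    # tbsCertificate body
        if tbs and tbs[:1] in (b"\xa0", b"\x02"): # [0] version or serial
            return ("der-certificate", True)
    return ("unknown", False)


# Constructed samples: structure only, not real keys or certificates.
ARM = b"-----BEGIN CERTIFICATE-----\nTUlJ\n-----END CERTIFICATE-----\n"
BUNDLE = ARM + b"-----BEGIN PRIVATE KEY-----\nTUlJ\n-----END PRIVATE KEY-----\n"
P12 = b"\x30\x82\x0a\x00\x02\x01\x03\x30\x82"
JKS = b"\xfe\xed\xfe\xed\x00\x00\x00\x02"
DER_CERT = b"\x30\x82\x03\x00\x30\x82\x02\x00\xa0\x03\x02\x01\x02"

if __name__ == "__main__":
    for name in ("ARM", "BUNDLE", "P12", "JKS", "DER_CERT"):
        print(name, classify(globals()[name]))
```

A `True` result only means no private-key container was recognised; it does not validate the certificate itself.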

Assisted Solution

by:Morientes
Morientes earned 50 total points
ID: 17807844
Maybe it was a typo, but you wrote:

> On my client app server (also WebSphere - development IDE environment) I created a DEV Key and DEV trust file.  I imported the Certification I exported in the above step.  I then ran my client over HTTPS port 9043, calling my WebService.

Port 9043 is used only to run the admin app; you should use 9443.

Everything else sounds good.

Expert Comment

by:HonorGod
ID: 17877532
Thanks for the 'A'