Solved

SSL on WebSphere 5.1.2  [iSeries AS/400 machine]

Posted on 2006-10-25
Last Modified: 2013-12-10
Everyone,

> I am attempting to create a Trust Certificate for client app server's application, calling my WebService over port 9443.
https://someWAS:9443/myClientApp/service/myAppService?wsdl;

> Using iKeyMan, I created a JKS file (not the Dummy Server or client file set) and assigned it to my Container & restarted.  In this JKS I created a personally signed certificate, exported it to a *.arm(?) file.
> Port 9443 is enabled and specified as SSL on the server.
- SSLv3, IBMJSSA

> On my client app server (also WebSphere - development IDE environment) - I created a DEV Key and DEV trust file.  I imported the Certification I exported in the above step.  I then ran my client over HTTPS port 9043, calling my WebService.

> Initially I got a "SocketServerReset" exception.  Then Firefox began complaining my decryption scheme on the server was not working with Mozilla.

So here I am trying to establish a trusted SSL connection and unable to.
I do not have a WebSphere admin to work with, nor a WAS expert in house.  I am ramping up as quickly as possible on these admin issues.

Can someone fill in the gaps for me?  Lead me off this "wrong" path and point me in the correct direction?

I have read a multitude of blogs, IBM redbooks, Google articles etc. and nothing seems to connect the dots.


Thank you very much.

Question by:fshtank
Accepted Solution

by:
HonorGod earned 1800 total points
ID: 17807322
Technote: Creating Custom Secure Socket Layer (SSL) Key Files for V5.0 using Self-Signed Certificates (GSK 5).
URL: http://IBM.com/support/docview.wss?uid=swg21154255

1. You want to "extract", not "export" the certificate.
    Export will put both the private and public portions of the certificate into the specified file.
    Extract will only put the public portion into the file.  This is what you want.

2. Add the public portion of the certificate to your web server, and "development" websphere key files.

  Unfortunately, the Technote (specified above) doesn't explain the difference between "ServerKey" files, and "Server Trust" files.

  A "Server Key" file is supposed to be where very secure (private certificate) information is to reside.
  A "Trust" file is supposed to contain "public key" certificate information.

so - the Server Key File should contain the private certificate for your application server
    - the Server Trust File should contain the public keys of the "trusted/known" remote servers (e.g., your web
      server and your development server)
    - the Plugin Key file should contain the certificate used by the HTTP server (both public and private portions)
      as well as the public keys of the app servers with which it will communicate.
    - the client key file should contain the private key for any client applications that will be executing on this machine
    - the client trust file should contain the public keys for the partners with which the client application will be
       communicating

  Hope this helps
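
The export/extract distinction in point 1 can be checked before a file is handed to a partner or imported into a trust file. The following Python sketch is an added example, not part of the answer above and not IBM code: it classifies a file as a bare certificate, a PKCS#12 export, a PEM file carrying a private key, or a Java keystore. It assumes the extracted .arm file is Base64-encoded ASCII (PEM); the function names and sample bytes are constructed for the illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def classify_der(der: bytes) -> str:
    """Tell a DER certificate from a PKCS#12 container by its first inner element."""
    if len(der) < 2 or der[0] != 0x30:           # outer element must be a SEQUENCE
        return "unknown"
    header = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    inner = der[header:header + 3]
    if inner == b"\x02\x01\x03":                 # PFX starts with version INTEGER 3
        return "pkcs12"
    if inner[:1] == b"\x30":                     # Certificate starts with tbsCertificate SEQUENCE
        return "certificate"
    return "unknown"

def pem_body_is_cert(body: str) -> bool:
    try:
        return classify_der(base64.b64decode("".join(body.split()))) == "certificate"
    except ValueError:                           # malformed Base64
        return False

def classify(data: bytes):
    """Return (kind, public_only). Structural heuristic only; no signature or chain validation."""
    if data[:4] in (b"\xfe\xed\xfe\xed", b"\xce\xce\xce\xce"):   # JKS / JCEKS magic
        return ("java-keystore", False)          # may hold key entries; inspect separately
    if b"-----BEGIN " in data:
        blocks = PEM_BLOCK.findall(data.decode("latin-1"))
        if any(label.endswith("PRIVATE KEY") for label, _ in blocks):
            return ("pem-with-private-key", False)
        ok = bool(blocks) and all(l == "CERTIFICATE" and pem_body_is_cert(b) for l, b in blocks)
        return ("pem-certificate", True) if ok else ("pem-other", False)
    kind = classify_der(data)
    return ("der-certificate", True) if kind == "certificate" else (kind, False)

# Constructed samples: minimal DER skeletons, not real certificates or keys.
CERT_DER = bytes.fromhex("3006300402020001")
P12_DER = bytes.fromhex("30050201033000")

def pem(label: str, der: bytes) -> bytes:
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()

SAMPLES = {
    "extracted.arm": pem("CERTIFICATE", CERT_DER),
    "exported.p12": P12_DER,
    "leaky.pem": pem("CERTIFICATE", CERT_DER) + pem("PRIVATE KEY", CERT_DER),
}
```

Only a result with `public_only` set to `True` belongs in a trust file; anything else should stay on the machine that owns the private key.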

Assisted Solution

by:Morientes
Morientes earned 200 total points
ID: 17807844
Maybe it was a typo, but you wrote:

> On my client app server (also WebSphere - development IDE environment) - I created a DEV Key and DEV trust file.  I imported the Certification I exported in the above step.  I then ran my client over HTTPS port 9043, calling my WebService.

Port 9043 is used to run only the admin app; you should use 9443.

Everything else sounds good.

Expert Comment

by:HonorGod
ID: 17877532
Thanks for the 'A'