Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SSL on WebSphere 5.1.2  [iSeries AS/400 machine]

Posted on 2006-10-25
3
1,280 Views
Last Modified: 2013-12-10
Everyone,

> I am attempting to create a Trust Certificate for client app server's application, calling my WebService over port 9443.
https://someWAS:9443/myClientApp/service/myAppService?wsdl;

> Using iKeyMan, I created a JKS file (not the Dummy Server or client file set) and assigned it to my Containier & restared.  In this JKS I created a personally signed certificate, exported it to a *.arm(?) file.
> Ports 9443 is enabled and specified as SSL on the server.
- SSLv3, IBMJSSA

> On my client app server (also websphere - development IDE environemt - I created a DEV Key and DEV trust file.  I imported the Certification I exported in the above step.  I then ran my client over HTTPS port 9043, calling my WebService.

> Initially I got a "SocketServerReset" exception.  Then Firefox begam complaining my decryption scheme on the server was not working with Mozilla.

So here I am trying to establish a trusted SSL connection and unable to.
I do not have a WebSphere admin to work with, nor a WAS expert in house.  I am ramping up as quickly as possible on these admin issues.

Can someone fill in the gaps for me?  Lead me off this "wrong" path and point me in the correct direction?

I have read a multitude of blogs, IBM redbooks, Google articles etc. and nothing seems to connect the dots.


Thank you very much.

0
Comment
Question by:fshtank
  • 2
3 Comments
 
LVL 41

Accepted Solution

by:
HonorGod earned 450 total points
ID: 17807322
Technote: Creating Custom Secure Socket Layer (SSL) Key Files for V5.0 using Self-Signed Certificates (GSK 5).
URL: http://IBM.com/support/docview.wss?uid=swg21154255

1. You want to "extract", not "export" the certificate.
    Export will put both the private and public portions of the certificate into the specified file.
    Extrace will only put the public portion into the file.  This is what you want.

2. Add the public portion of the certificate to your web server, and "development" websphere key files.

  Unfortunately, the Technote (specified above) doesn't explain the difference between "ServerKey" files, and "Server Trust" files.

  A "Server Key" file is supposed to be where very secure (private certificate) information is to reside.
  A "Trust" file is supposed to contain "public key" certificate information.

so - the Server Key File should contain the private certificate for your application server
    - the Server Trust File should contain the public keys of the "trusted/known" remote servers (e.g., your web
      server and your development server)
    - the Plugin Key file should contain the certificate used by the HTTP server (both public and private portions)
      as well as the public keys of the app servers with which it will communicate.
    - the client key file should contain the private key for any client applications that will be executing on this machine
    - the client trust file should contain the publick keys for the partners with which the client application will be
       communicating

  Hope this helps
0
 
LVL 5

Assisted Solution

by:Morientes
Morientes earned 50 total points
ID: 17807844
Maybe it was a typeO, but you wrote:

> On my client app server (also websphere - development IDE environemt - I created a DEV Key and DEV trust file.  I imported the Certification I exported in the above step.  I then ran my client over HTTPS port 9043, calling my WebService.

Port 9043 it's used to run only the admin app, you should use 9443.

Everything else sounds good.
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 17877532
Thanks for the 'A'
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about some of the basic and important steps to be used to improve the performance in web-sphere commerce application development. 1) Always leverage the Dyna-caching facility provided by the product 2) Remove the unwanted code …
There are numerous questions about how to setup an IBM HTTP Server to be administered from WebSphere Application Server administrative console. I do hope this article will wrap things up and become a reference for this task. You need three things…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question