Solved

SSL on WebSphere 5.1.2  [iSeries AS/400 machine]

Posted on 2006-10-25
3
1,279 Views
Last Modified: 2013-12-10
Everyone,

> I am attempting to create a Trust Certificate for client app server's application, calling my WebService over port 9443.
https://someWAS:9443/myClientApp/service/myAppService?wsdl;

> Using iKeyMan, I created a JKS file (not the Dummy Server or client file set) and assigned it to my Containier & restared.  In this JKS I created a personally signed certificate, exported it to a *.arm(?) file.
> Ports 9443 is enabled and specified as SSL on the server.
- SSLv3, IBMJSSA

> On my client app server (also websphere - development IDE environemt - I created a DEV Key and DEV trust file.  I imported the Certification I exported in the above step.  I then ran my client over HTTPS port 9043, calling my WebService.

> Initially I got a "SocketServerReset" exception.  Then Firefox begam complaining my decryption scheme on the server was not working with Mozilla.

So here I am trying to establish a trusted SSL connection and unable to.
I do not have a WebSphere admin to work with, nor a WAS expert in house.  I am ramping up as quickly as possible on these admin issues.

Can someone fill in the gaps for me?  Lead me off this "wrong" path and point me in the correct direction?

I have read a multitude of blogs, IBM redbooks, Google articles etc. and nothing seems to connect the dots.


Thank you very much.

0
Comment
Question by:fshtank
  • 2
3 Comments
 
LVL 41

Accepted Solution

by:
HonorGod earned 450 total points
ID: 17807322
Technote: Creating Custom Secure Socket Layer (SSL) Key Files for V5.0 using Self-Signed Certificates (GSK 5).
URL: http://IBM.com/support/docview.wss?uid=swg21154255

1. You want to "extract", not "export" the certificate.
    Export will put both the private and public portions of the certificate into the specified file.
    Extrace will only put the public portion into the file.  This is what you want.

2. Add the public portion of the certificate to your web server, and "development" websphere key files.

  Unfortunately, the Technote (specified above) doesn't explain the difference between "ServerKey" files, and "Server Trust" files.

  A "Server Key" file is supposed to be where very secure (private certificate) information is to reside.
  A "Trust" file is supposed to contain "public key" certificate information.

so - the Server Key File should contain the private certificate for your application server
    - the Server Trust File should contain the public keys of the "trusted/known" remote servers (e.g., your web
      server and your development server)
    - the Plugin Key file should contain the certificate used by the HTTP server (both public and private portions)
      as well as the public keys of the app servers with which it will communicate.
    - the client key file should contain the private key for any client applications that will be executing on this machine
    - the client trust file should contain the publick keys for the partners with which the client application will be
       communicating

  Hope this helps
0
 
LVL 5

Assisted Solution

by:Morientes
Morientes earned 50 total points
ID: 17807844
Maybe it was a typeO, but you wrote:

> On my client app server (also websphere - development IDE environemt - I created a DEV Key and DEV trust file.  I imported the Certification I exported in the above step.  I then ran my client over HTTPS port 9043, calling my WebService.

Port 9043 it's used to run only the admin app, you should use 9443.

Everything else sounds good.
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 17877532
Thanks for the 'A'
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Verbose logging is used to diagnose garbage collector problems. By default, -verbose:gc output is written to either native_stderr.log or native_stdout.log.   It is also possible to redirect the logs to a user-specified file. This article will de…
Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question