Solved

SSL on WebSphere 5.1.2  [iSeries AS/400 machine]

Posted on 2006-10-25
Last Modified: 2013-12-10
Everyone,

> I am attempting to create a Trust Certificate for client app server's application, calling my WebService over port 9443.
https://someWAS:9443/myClientApp/service/myAppService?wsdl;

> Using iKeyMan, I created a JKS file (not the Dummy Server or client file set) and assigned it to my Container & restarted.  In this JKS I created a personally signed certificate, exported it to a *.arm(?) file.
> Port 9443 is enabled and specified as SSL on the server.
- SSLv3, IBMJSSA

> On my client app server (also websphere - development IDE environment) - I created a DEV Key and DEV trust file.  I imported the Certification I exported in the above step.  I then ran my client over HTTPS port 9043, calling my WebService.

> Initially I got a "SocketServerReset" exception.  Then Firefox began complaining my decryption scheme on the server was not working with Mozilla.

So here I am trying to establish a trusted SSL connection and unable to.
I do not have a WebSphere admin to work with, nor a WAS expert in house.  I am ramping up as quickly as possible on these admin issues.

Can someone fill in the gaps for me?  Lead me off this "wrong" path and point me in the correct direction?

I have read a multitude of blogs, IBM redbooks, Google articles etc. and nothing seems to connect the dots.


Thank you very much.

Question by:fshtank
Accepted Solution

by:
HonorGod earned 450 total points
ID: 17807322
Technote: Creating Custom Secure Socket Layer (SSL) Key Files for V5.0 using Self-Signed Certificates (GSK 5).
URL: http://IBM.com/support/docview.wss?uid=swg21154255

1. You want to "extract", not "export" the certificate.
    Export will put both the private and public portions of the certificate into the specified file.
    Extract will only put the public portion into the file.  This is what you want.

2. Add the public portion of the certificate to your web server, and "development" websphere key files.

  Unfortunately, the Technote (specified above) doesn't explain the difference between "ServerKey" files, and "Server Trust" files.

  A "Server Key" file is supposed to be where very secure (private certificate) information is to reside.
  A "Trust" file is supposed to contain "public key" certificate information.

so - the Server Key File should contain the private certificate for your application server
    - the Server Trust File should contain the public keys of the "trusted/known" remote servers (e.g., your web
      server and your development server)
    - the Plugin Key file should contain the certificate used by the HTTP server (both public and private portions)
      as well as the public keys of the app servers with which it will communicate.
    - the client key file should contain the private key for any client applications that will be executing on this machine
    - the client trust file should contain the public keys for the partners with which the client application will be
       communicating

  Hope this helps
0
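
A check for the key-file/trust-file split described in the accepted answer, added here as an example and not part of HonorGod's post: it reads the text that `keytool -list` prints for a keystore and fails a trust file that holds any private-key entry. The sample listings and aliases are constructed, and the line format is assumed to be that of the JDK `keytool`.

```sh
#!/bin/sh
# Audit non-verbose `keytool -list` output read from stdin.
# Assumed entry line format: "<alias>, <Mon d, yyyy>, <entry type>,"

# Print the alias of every entry that carries private (or secret) key material.
key_entries() {
  awk -F', *' 'NF >= 4 {
    type = ($NF == "") ? $(NF-1) : $NF   # entry lines end with a trailing comma
    # current keytool prints PrivateKeyEntry; older releases print keyEntry
    if (type ~ /^(PrivateKeyEntry|keyEntry|SecretKeyEntry)$/) print $1
  }'
}

# Print the alias of every entry that holds a public certificate only.
trusted_entries() {
  awk -F', *' 'NF >= 4 {
    type = ($NF == "") ? $(NF-1) : $NF
    if (type == "trustedCertEntry") print $1
  }'
}

# A trust file passes only if it contains no key entries at all.
audit_trust_file() {
  bad=$(key_entries)
  if [ -n "$bad" ]; then
    echo "FAIL: private key material in trust file: $bad"
    return 1
  fi
  echo "OK: trust file holds public certificates only"
}

# Constructed sample listings (aliases and fingerprints are placeholders).
GOOD_TRUST='Keystore type: JKS

Your keystore contains 2 entries

webserver, Oct 25, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed>
devserver, Oct 25, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed>'

BAD_TRUST='webserver, Oct 25, 2006, trustedCertEntry,
Certificate fingerprint (SHA1): <constructed>
appserver, Oct 25, 2006, PrivateKeyEntry,
Certificate fingerprint (SHA1): <constructed>'

printf '%s\n' "$GOOD_TRUST" | audit_trust_file
printf '%s\n' "$BAD_TRUST"  | audit_trust_file || true
```

Against a real file, pipe the listing in, for example `keytool -list -keystore <trust file> | audit_trust_file`.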

Assisted Solution

by:Morientes
Morientes earned 50 total points
ID: 17807844
Maybe it was a typo, but you wrote:

> On my client app server (also websphere - development IDE environment) - I created a DEV Key and DEV trust file.  I imported the Certification I exported in the above step.  I then ran my client over HTTPS port 9043, calling my WebService.

Port 9043 is used to run only the admin app; you should use 9443.

Everything else sounds good.
0

Expert Comment

by:HonorGod
ID: 17877532
Thanks for the 'A'
0