• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1315
  • Last Modified:

Global SSL Trust Store for WebSphere App Server 7?

Is there a global SSL Trust Store for IBM WebSphere Application Server 7, that applies to all defined nodes? If so, where would this reside, or how could I find it?
0
jessc7
Asked:
jessc7
  • 5
  • 2
1 Solution
 
AdminRAMCommented:
Is there a global SSL Trust Store for IBM WebSphere Application Server 7, that applies to all defined nodes?

Yes if you using default ssl configuration then always it will use celldefaulttruststore

celldefaulttruststsore is common for all nodes.

for example location: /usr/websphere/appserver/profiles/dmgr/config/cell/cellname
0
 
AdminRAMCommented:
CellDefaultTrustStore truststore as the specified server truststore and common truststore for a cell, all of the signers for that cell are downloaded to the specified client truststore, which is typically ClientDefaultTrustStore.
0
 
jessc7Author Commented:
Thanks for your reply. Is there a trust store that applies across all cells? Something that stores common CA certificates for default trust?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
AdminRAMCommented:
Is there a trust store that applies across all cells?

Nope by default Websphere is design to use one common truststore ( celldefaulttruststsore ) per CELL
0
 
jessc7Author Commented:
So just to say it another way, there is nothing within WebSphere that trusts common CA's like VeriSign, Equifax, etc?
0
 
AdminRAMCommented:
In WAS 7.0 it has internal CA
it contains websphere root certificate located under singer certificate of celldefaulttruststsore

 root certificate authority (CA) certificate is used to sign other certificates for WebSphere Application Server. By default, during profile management, the default root keying (NodeDefaultRootStore or DmgrDefaultRootStore for a deployment manager), and the root CA certificate, are automatically configured.

If you want to add additional CA cerificates like VeriSign, Equifax, etc then you need to add  under singer certificate of celldefaulttruststsore since it is common truststore for a cell.
0
 
AdminRAMCommented:
Thank you very much for points

Have a good day
AdminRam
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now