Here are some useful technotes on implementing custome SSL on WAS.
Creating Custom Secure Socket Layer (SSL) Key Files for V5.0 using a CA Certificate
Creating Custom Secure Socket Layer (SSL) Key Files for V6.0 using a CA Certificate
Manually Replacing SSL Certificates in V6.1
Note -
Please join in my WebSphere Community in Orkut, WebSphere Zone
Showing posts with label SSL. Show all posts
Showing posts with label SSL. Show all posts
7/27/09
6/29/09
Applet Security -
When an app is accessed through https, if there is no trust between app server and browser jre, client jvm may spit SSL HandShake Error. Error may go like this -
Error Occured during session initialization: Error SSL connecting to server:9446:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Its very simple to solve this. One needs to import client certificate into jre/lib/security/cacerts which is the trust store of the JVM.
example -
"C:\Program Files\Java\jre1.5.0_11\bin\keytool" -import -trustcacerts -keystore "C:\Program Files\Java\jre1.5.0_11\lib\security\cacerts" -storepass changeit -noprompt -alias ALIAS_NAME -file "\CERTIFICATE_NAME"
Error Occured during session initialization: Error SSL connecting to server:9446:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Its very simple to solve this. One needs to import client certificate into jre/lib/security/cacerts which is the trust store of the JVM.
example -
"C:\Program Files\Java\jre1.5.0_11\bin\keytool" -import -trustcacerts -keystore "C:\Program Files\Java\jre1.5.0_11\lib\security\cacerts" -storepass changeit -noprompt -alias ALIAS_NAME -file "
2/23/09
IKEYMAN
ikeyman is a UI tool comes with IHS/WAS with which one can create certificates, extract them, import them, export them, create self signed certificates and so on.
When to use ikeyman?
When your certificates expire, you need to have new certificates. You use ikeyman to import the new certificates
When you want create self signed certificates. You use ikeyman.
You have to eshtablish trust between different clients and your server. You use ikeyman.
Here is a technote on Creating Custom Secure Socket Layer (SSL) Key Files using a CA Certificate
Here is the ikeyman doc. Click here
Install SSL Certificate using IBM ikeyman
When to use ikeyman?
When your certificates expire, you need to have new certificates. You use ikeyman to import the new certificates
When you want create self signed certificates. You use ikeyman.
You have to eshtablish trust between different clients and your server. You use ikeyman.
Here is a technote on Creating Custom Secure Socket Layer (SSL) Key Files using a CA Certificate
Here is the ikeyman doc. Click here
Install SSL Certificate using IBM ikeyman
Subscribe to:
Posts (Atom)
