Utility for importing key and certificate into websphere

Jennifer J-N Liu

Jun 17, 2004, 11:18:41 AM
Hi,

Are there any WebSphere or external tools that I can use to import a
key/certificate from another server into WebSphere?

Thanks,
Jennifer


Sunit Patke

Jun 17, 2004, 2:04:45 PM
WebSphere Application Server and all other IBM tools that use PKI (SSL) for
encrypting traffic use what is called GSK (Global Security Kit). This
comes with a utility called ikeyman that allows you to manage your
certificate store (aka kdb).

Sunit

"Jennifer J-N Liu" <jen...@nortelnetworks.com> wrote in message
news:cascoi$4c1i$1...@news.boulder.ibm.com...

Jennifer J-N Liu

Jun 17, 2004, 6:37:56 PM
Here is what I did:

1. First I exported my certificate to a pkcs12 format file from SunOne,
2. then FTPed it to my WebSphere platform,
3. started the ikeyman tool,
4. created a server key store file.

At this point, I don't see any menu bar item that would allow me to import
a pkcs12 file.

5. If I create a self-signed certificate, and then extract a public
certificate from it, I see an "Export/Import" button on the window. When I
click the button, I see that the pull-down menu allows import of a "pkcs12"
type file, so I tried to import my file, but got an error message saying
"the specified database has been corrupted".

I am not sure whether I need to do step 5 in order to import a certificate,
but if I don't, the tool does not appear to have any other interface to allow
importing.

Any suggestions?

Thanks,
Jennifer

"Sunit Patke" <sup...@nospam.com> wrote in message
news:casmfu$5ns4$1...@news.boulder.ibm.com...

Sunit Patke

Jun 18, 2004, 9:43:53 AM
I think you are in the wrong tab. From the drop down select Personal
certificates (signer certificates is the default tab). You should see the
import certificate button on the right hand side.

Sunit

"Jennifer J-N Liu" <jen...@nortelnetworks.com> wrote in message

news:cat6g7$9de6$1...@news.boulder.ibm.com...

Gopala Molakaluri

Jun 18, 2004, 9:59:03 AM
Jennifer,

Which certificate database are you opening? The certificate that you
are importing, is it a signer certificate or Personal/server certificate?
If you want WebSphere to have the same SunOne Personal Cert, then
what you want to do is:

1. Open keytool.
2. Open ServerKeyFile (Dummy or the one you have created and configured in WAS).
3. Click on "Key Database Content" drop down list.
4. Choose "Personal Cert" and then import the pkcs12 cert into it.
5. If it is dummy, then you will have two certs and you can probably choose which one to be "active" or "primary", I guess.
6. It is a good idea to get rid of Dummy Server cert, but again it depends on how much you want to customize.
7. Don't forget to add this cert to the Server and Client Trust stores also.

If not, please explain what is your intent in this Cert export and import.

HTH
Dexthor.

Jennifer J-N Liu

Jun 18, 2004, 2:36:07 PM
Thank you all for the tips.

The SunOne certificate that I am trying to import is a Server certificate
(a certificate that is assigned for a specific virtual server, ***cert7.db and
***key3.db). It is a self-signed certificate (no CA); I guess it should map
to "personal certificate" in the WebSphere domain. I exported it using pk12util
to a file called sunone_cert.p12.

I tried again to import the sunone_cert.p12 file by using the "import"
button under the "Personal Cert" drop down list; it still gives me an error
message saying "the specified database has been corrupted".

Then I tried to export a personal certificate from WebSphere to SunOne; that
works.

Is a "personal certificate" from WebSphere equivalent to the "server
certificate" in SunOne?

The p12 files are all binary, so I am not sure whether they follow the same
format. I did notice that the sizes of the files from SunOne and WebSphere
are different (the SunOne p12 file is larger).

Any more suggestions?

Thanks,
Jennifer

I opened the
"Gopala Molakaluri" <dex...@yahoo.com> wrote in message
news:causf8$1sv4$1...@news.boulder.ibm.com...
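
The thread asks whether the exported .p12 holds a personal (key-bearing) or a signer certificate, and whether the binary file is well-formed PKCS#12. The script below is an added example, not part of any post, that checks both before an import is attempted. It assumes the openssl CLI is installed and the export password is in the exported environment variable P12_PASS; the function name p12_kind is hypothetical.

```shell
#!/bin/sh
# Added example: classify a PKCS#12 file before importing it into a key database.
# Assumptions: the openssl CLI is on PATH; the export password is in the
# exported environment variable P12_PASS (kept off the command line).

# p12_kind FILE
#   prints "personal"   - at least one private key plus a certificate
#          "signer"     - certificates only, no private key
#          "unreadable" - not parseable as PKCS#12, wrong password, or
#                         algorithms this openssl build does not accept
p12_kind() {
    f=$1
    # -nokeys dumps only the certificates; failure means the container could
    # not be parsed or its integrity check (MAC) did not verify.
    certs=$(openssl pkcs12 -in "$f" -passin env:P12_PASS -nokeys 2>/dev/null) || {
        echo unreadable
        return 1
    }
    ncert=$(printf '%s\n' "$certs" | grep -c 'BEGIN CERTIFICATE' || true)
    # -nocerts -nodes dumps only the keys; count them without storing them.
    nkey=$(openssl pkcs12 -in "$f" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -c 'BEGIN.*PRIVATE KEY' || true)
    if [ "$nkey" -gt 0 ] && [ "$ncert" -gt 0 ]; then
        echo personal
    elif [ "$ncert" -gt 0 ]; then
        echo signer
    else
        echo unreadable
        return 1
    fi
}

# Stand-alone use: sh p12_kind.sh sunone_cert.p12
if [ "$#" -gt 0 ]; then
    p12_kind "$1"
fi
```

Running it on the source host and again on the destination host after the transfer shows whether the file still parses on the machine where the import is done.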

Dexthor

Jun 18, 2004, 2:57:44 PM
You can try to create a new Key Database. After you do it, you have to
configure WebSphere to use it.

Dexthor.

"Jennifer J-N Liu" <jen...@nortelnetworks.com> wrote in message

news:cavcn2$45ka$1...@news.boulder.ibm.com...
