Configure Self signed SSL certificate with Wbsphere Application server.

Hi everyone,

As a part of Security baseline it is always recommend that don’t use the default SSL certificate for Websphere application server, because default certificate display host name of your server. Se here we create the Self signed certificate and configure it. It is very simple task in case of webspher application server.

Before going to configure the SSL with Websphere, we need to know the basic things about SSL

What is SSL?  

SSL is an acronym for Secure Sockets Layer. The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.

To know more about SSL go through this link https://calomel.org/ssl_certs.html

Procedure :

There are different methods to complete this task, but I always follow the bellow sequence to complete this Task.

1.      Creating SSL kyestore and SSL certificate for an application server.

2.      Creating SSL Configuration using new certificate

3.      Configuring SSL Configuration and SSL certificate.

4.      Configuring a browser to work with certificates.

Creating SSL kyestore and SSL certificate for an application server.

A Java KeyStore (JKS) is a repository of security certificates, either authorization certificates or public key certificates, used for instance in SSL encryption.

Procedure:

1. Navigate to Security > SSL certificate and key management > Key stores and certificates > in KeyStore Usages select SSL KeyStore and click on New.

2.     Enter The data in following field. e.g.

Name :TestKey

Path   :$WAS_HOME/profiles/AppSrv01/etc/TestKey.jsk.

Type   :JSK

Click on Apply and save.

  

3.  Once you created a keystore, create a SSL certificate and for that navigate to

SSL certificate and key management > Key stores and certificates > TestKey > Personal certificates then click on Create Self-Signed Certificate.

4.    Type in all required fields e.g.

Alias name : TestCertificate (The alias identifies the certificate request in the keystore).

Common name : TestCertificate (CN) value. This value is the CN value in the certificate distinguished name (DN).

Validity period : The default validity period value is 365 days.

 Click on Apply and save.

Creating SSL Configuration using new certificate

1.   To create new SSL configuration navigate to SSL certificate and key management > SSL configurations and click New.

2.     In following Screen Type following Information.

Name : TestCertificate

Trust Stote Name : TestKeyStore

Key Stote Name : TestKeyStore

Then Click on Get Certificate Aliases.

Then click on apply and save.

   

Configuring SSL Configuration and SSL certificate.

1.  Navigate to Servers> Websphere Application Server > Server1 > Web Container Setting > Web Container 

2.     Click on WCInboundDefaultSecure > SSL inbound channel (SSL_2)

3.     In SSL configuration select the TestCertificate.

4.     Click on Apply and Save.

5.     Repeat  the Step 1 to 4 for the WCInboundAdminSecure

       6. Restart Server to activate the changes

Here we done with the all required stuffs for SSL configuration, now on thing is left that is to configure the web browser for to use new certificate. For that we need to follow the bellow steps.

Configuring a browser to work with certificates

After the configuration of SSL on websphere application server perform the following steps to configure browser for same.

1.    When you go to the Internet Explorer and looking for WAS administration console you will get the following screen. Click on Certificat Error and then on View Certificates and you will get the certificate detail.

  

2.     This is the new SSL certificate which we had created and configured.

3.     Click on Install Certificate for install it on your system as a trusted certificate and then click Next

4.     In Certificate Store wizard select store and click Next

5.     Click on finish and then you will get The import was successful.

6.  Now navigate to Tools>Internet Options>Content>Certificates and check for your certificate name in Internet Explorer.

             And here we done with Installation of TestCertificate on your current system

8.  Click Tools > Internet Options > Advanced. Scroll down and clear the Warn about certificate address mismatch check box. Click OK. Close Internet Explorer

9.     Now open the new tab and try to access the WAS administration console and you will get the following output.

Hope this will work for you also..

Effort only fully releases its reward after a person refuses to quit.”

Regards,

Akhilesh B. Humbe