How to import certificates for monitoring Websphere Application Server with SSL authentication?
For users using Applications Manager version 14250 and below:
Client certificate in .cer format
1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
2. Import your trusted CA certificate(s) to AppManager_Home\working\jre\lib\security\cacerts ( In case of plugin build, import to AppManager_Home\working\conf\Truststore.truststore )
Navigate to AppManager_Home\working\jre\bin, execute following command
keytool -importcert -file [FILE PATH TO CERTIFICATE] -keystore [AppManager_Home\working\jre\lib\security\cacerts] -alias alias
Example:
keytool -importcert -file C:\myFiles\clientCertificate.cer -keystore AppManager_Home\working\jre\lib\security\cacerts -alias apmClient
( if alias already exists, please give any other name as alias)
3. Restart Applications Manager
You need to replace AppManager_Home with actual directory path where AppManager is installed.
Alternatively you can use KeyStore explorer. KeyStore Explorer is an open source GUI replacement for the Java command-line utilities like keytool.
Client certificate in PKCS12 format:
1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
2. Import your client certificate(s) to AppManager_Home\working\jre\lib\security\cacerts ( In case of plugin build, import to AppManager_Home\working\conf\Truststore.truststore )
Navigate to AppManager_Home\working\jre\bin, execute following command
keytool -v -importkeystore -srckeystore [PATHTOCERTIFICATE] -srcstoretype PKCS12 -destkeystore AppManager_Home\working\jre\lib\security\cacerts -deststoretype JKS
Enter destination keystore password: (by default it is changeit)
Enter source keystore password:
Entry for alias orakey successfully imported.
Example:
keytool -v -importkeystore -srckeystore C:\myFiles\clientCertificate.p12 -srcstoretype PKCS12 -destkeystore AppManager_Home\working\jre\lib\security\cacerts -deststoretype JKS
3. Restart Applications Manager
You need to replace AppManager_Home with actual directory path where AppManager is installed.
Restart of APM is required after loading the certificates.
For users using Applications Manager version 14260 and above:
A new option to import SSL certificates from GUI was introduced with version 14260 release.
To import certificates with "Manage Certificates", follow the steps given below:
- Go to Settings --> Tools --> Manage Certificates.
- Import Websphere server Trust Certificates, click on the "Trust Certificates" tab. Here you have 3 options to import certificates into trusted sources.
- Fetch certificate from the Websphere console URL (https://<HOST>:<PORT>/ibm/console)
- You will be prompted to verify and import the fetched certificate.
- Choose the SSL version from the drop-down menu. By default, it is set as auto.
- Click Import and it will be added to the trusted sources.
- Directly upload certificates from a Keystore/Truststore.
- If you choose this option, then you will have to browse and select the appropriate keystore/truststore/pfx file.
- Input the password and click Fetch.
- You will be shown a list of aliases availale in the truststore you can choose the ones you want and click Import.
- Directly upload certificates as files.
- Choose the necessary file.
- On clicking Import, it will be added to Applications Manager's trust store.
- Restart Applications Manager
- Go to Settings --> Tools --> Manage Certificates.
- Import Websphere server Trust Certificates, click on the "Trust Certificates" tab. Here you have 3 options to import certificates into trusted sources.
- Fetch certificate from the Websphere console URL (https://<HOST>:<PORT>/ibm/console)
- You will be prompted to verify and import the fetched certificate.
- Choose the SSL version from the drop-down menu. By default, it is set as auto.
- Click Import and it will be added to the trusted sources.
- Directly upload certificates from a Keystore/Truststore.
- If you choose this option, then you will have to browse and select the appropriate keystore/truststore/pfx file.
- Input the password and click Fetch.
- You will be shown a list of aliases availale in the truststore you can choose the ones you want and click Import.
- Directly upload certificates as files.
- Choose the necessary file.
- On clicking Import, it will be added to Applications Manager's trust store.
- Restart Applications Manager
New to ADSelfService Plus?
Related Articles
How to import certificates for monitoring DB2 Server with SSL authentication?
By default, if you want to use self-signed certificates for SSL connection then the certificate generated by the DB2 server will be db2server.arm. But our AppManager doesn't support arm files. So it has to be renamed as the db2server.cer and then ...How to import certificates for monitoring Postgres Server with SSL authentication?
Error Message: The connection attempt failed! Reason: This error occurs when you are trying to add an SSL enabled server but the certificates which are used for SSL connection are not present in the cacerts. Solution: To import certificates, ...How to import certificates for monitoring Oracle database with SSL authentication?
For users using Applications Manager version 14250 and below: One-way SSL: (Client authentication disabled) 1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory. 2. Import your ...How to import certificates for monitoring MariaDB/MySQL DB Server with SSL authentication?
To monitor the MariaDB/MySQL, the respective MariaDB or MySQL driver must be utilized. In Applications Manager, the required driver can be selected in the Monitor Add/Edit page. MariaDB Driver connection If the monitor was added using MariaDB for ...Troubleshooting SSL Handshake Error
SSL Handshake Error SSL Handshake error occurs when a secure connection cannot be established to the URL added for monitoring. Common reasons for it are wrong SSL protocol version, incompatible ciphers, and invalid/missing client-side certificate. ...