How to import certificates for monitoring Websphere Application Server with SSL authentication?

How to import certificates for monitoring Websphere Application Server with SSL authentication?

For users using Applications Manager version 14250 and below:

Client certificate in .cer format

1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.

2. Import your trusted CA certificate(s) to AppManager_Home\working\jre\lib\security\cacerts  ( In case of plugin build, import to AppManager_Home\working\conf\Truststore.truststore )

      Navigate to AppManager_Home\working\jre\bin, execute following command

      keytool -importcert -file [FILE PATH TO CERTIFICATE] -keystore [AppManager_Home\working\jre\lib\security\cacerts] -alias alias

       Example:
       keytool -importcert -file C:\myFiles\clientCertificate.cer -keystore AppManager_Home\working\jre\lib\security\cacerts -alias apmClient
        ( if alias already exists, please give any other name as alias

3. Restart Applications Manager 
You need to replace AppManager_Home with actual directory path where AppManager is installed.
Alternatively you can use KeyStore explorer. KeyStore Explorer is an open source GUI replacement for the Java command-line utilities like keytool.


Client certificate in PKCS12 format:


1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.

2. Import your client certificate(s) to AppManager_Home\working\jre\lib\security\cacerts  ( In case of plugin build, import to AppManager_Home\working\conf\Truststore.truststore )
     
     Navigate to AppManager_Home\working\jre\bin, execute following command

          keytool -v -importkeystore -srckeystore [PATHTOCERTIFICATE] -srcstoretype PKCS12 -destkeystore             AppManager_Home\working\jre\lib\security\cacerts -deststoretype JKS

            Enter destination keystore password: (by default it is changeit)
              Enter source keystore password:
              Entry for alias orakey successfully imported.

      Example:
        keytool -v -importkeystore -srckeystore C:\myFiles\clientCertificate.p12 -srcstoretype PKCS12 -destkeystore             AppManager_Home\working\jre\lib\security\cacerts -deststoretype JKS

3. Restart Applications Manager

You need to replace AppManager_Home with actual directory path where AppManager is installed.
Restart of APM is required after loading the certificates.


For users using Applications Manager version 14260 and above:


A new option to import SSL certificates from GUI was introduced with version 14260 release. 

To import certificates with "Manage Certificates", follow the steps given below:

  1. Go to Admin--> Tools--> Manage Certificates.
  2. Import Websphere server Trust Certificates, click on the "Trust Certificates" tab. Here you have 3 options to import certificates into trusted sources.
    1. Fetch certificate from the Websphere console URL  (https://<HOST>:<PORT>/ibm/console
      1. You will be prompted to verify and import the fetched certificate. 
      2. Choose the SSL version from the drop-down menu. By default, it is set as auto. 
      3. Click Import and it will be added to the trusted sources.
    2. Directly upload certificates from a Keystore/Truststore.
      1. If you choose this option, then you will have to browse and select the appropriate keystore/truststore/pfx file. 
      2. Input the password and click Fetch
      3. You will be shown a list of aliases availale in the truststore you can choose the ones you want and click Import.
    3. Directly upload certificates as files.
      1. Choose the necessary file. 
      2. On clicking Import, it will be added to Applications Manager's trust store.
  3. Restart Applications Manager