For users using Applications Manager version 14250 and below:
Client certificate in .cer format
1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
2. Import your trusted CA certificate(s) to AppManager_Home\working\jre\lib\security\cacerts ( In case of plugin build, import to AppManager_Home\working\conf\Truststore.truststore )
Navigate to AppManager_Home\working\jre\bin, execute following command
keytool -importcert -file [FILE PATH TO CERTIFICATE] -keystore [AppManager_Home\working\jre\lib\security\cacerts] -alias alias
Example:
keytool -importcert -file C:\myFiles\clientCertificate.cer -keystore AppManager_Home\working\jre\lib\security\cacerts -alias apmClient
( if alias already exists, please give any other name as alias)
3. Restart Applications Manager
You need to replace AppManager_Home with actual directory path where AppManager is installed.
Alternatively you can use
KeyStore explorer. KeyStore Explorer is an open source GUI replacement for the Java command-line utilities like keytool.
1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory.
2. Import your client certificate(s) to AppManager_Home\working\jre\lib\security\cacerts ( In case of plugin build, import to AppManager_Home\working\conf\Truststore.truststore )
Navigate to AppManager_Home\working\jre\bin, execute following command
keytool -v -importkeystore -srckeystore [PATHTOCERTIFICATE] -srcstoretype PKCS12 -destkeystore AppManager_Home\working\jre\lib\security\cacerts -deststoretype JKS
Enter destination keystore password: (by default it is changeit)
Enter source keystore password:
Entry for alias orakey successfully imported.
Example:
keytool -v -importkeystore -srckeystore C:\myFiles\clientCertificate.p12 -srcstoretype PKCS12 -destkeystore AppManager_Home\working\jre\lib\security\cacerts -deststoretype JKS
3. Restart Applications Manager
You need to replace AppManager_Home with actual directory path where AppManager is installed.
Restart of APM is required after loading the certificates.
For users using Applications Manager version 14260 and above:
A new option to import SSL certificates from GUI was introduced with version 14260 release.
To import certificates with "Manage Certificates", follow the steps given below:
- Go to Admin--> Tools--> Manage Certificates.
- Import Websphere server Trust Certificates, click on the "Trust Certificates" tab. Here you have 3 options to import certificates into trusted sources.
- Fetch certificate from the Websphere console URL (https://<HOST>:<PORT>/ibm/console)
- You will be prompted to verify and import the fetched certificate.
- Choose the SSL version from the drop-down menu. By default, it is set as auto.
- Click Import and it will be added to the trusted sources.
- Directly upload certificates from a Keystore/Truststore.
- If you choose this option, then you will have to browse and select the appropriate keystore/truststore/pfx file.
- Input the password and click Fetch.
- You will be shown a list of aliases availale in the truststore you can choose the ones you want and click Import.
- Directly upload certificates as files.
- Choose the necessary file.
- On clicking Import, it will be added to Applications Manager's trust store.
- Restart Applications Manager