6.13 Import the eDirectory Trusted Root to the WebSphere Keystore

  1. The User Application installation procedure exports the eDirectory™ trusted root certificates to the directory in which you install the User Application. Copy these certificates to the machine hosting the WebSphere server.

  2. Import the certificates into the WebSphere keystore. You can do this by using the WebSphere administrator’s console (see Section 6.13.1, Importing Certificates with the WebSphere Administrator’s Console) or the command line (see Section 6.13.2, Importing Certificates with the Command Line).

  3. After you import certificates, proceed to Section 6.14, Deploying the IDM WAR File.

6.13.1 Importing Certificates with the WebSphere Administrator’s Console

  1. Log in to the WebSphere administration console as an admin user.

  2. From the left panel, go to Security > SSL Certificate and Key Management.

  3. In the list of settings on the right, go to Key stores and certificates under Additional Properties.

  4. Select NodeDefaultTrustStore (or the trust store you are using).

  5. Under Additional Properties on the right, select Signer Certificates.

  6. Click Add.

  7. Type the Alias name and full path to the certificate file.

  8. Change the Data type in the drop-down list to Binary DER data.

  9. Click OK. You should now see the certificate in the list of signer certificates.

6.13.2 Importing Certificates with the Command Line

From the command line on the machine hosting the WebSphere server, run keytool to import the certificate into the WebSphere keystore.

NOTE: You must use the keytool supplied with WebSphere; otherwise the import does not work. Also, be sure the store type is PKCS12.

The WebSphere keytool can be found at /IBM/WebSphere/AppServer/java/bin.

The following is a sample keytool command:

keytool -import -trustcacerts -file servercert.der -alias myserveralias -keystore trust.p12 -storetype PKCS12

If you have more than one trust.p12 file on your system, you might need to specify the full path to the file.
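
As an added example (not part of the original documentation or the product), the following shell functions check a certificate file after it has been copied to the WebSphere host and before it is imported as a trust anchor: the file must be DER encoded, and its SHA-256 digest must match the digest recorded on the machine where it was exported. The function names and the DIGEST_FROM_SOURCE_MACHINE variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks to run on a copied trusted-root file before importing it.

# Print "der", "pem" or "unknown" for the encoding of file $1.
cert_encoding() {
    first=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
    if [ "$first" = "30" ]; then
        echo der      # DER begins with the ASN.1 SEQUENCE tag 0x30
    elif grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem      # base64 text; not what "Binary DER data" expects
    else
        echo unknown
    fi
}

# Print the SHA-256 digest of file $1 as lowercase hex. For a DER file this
# digest is the certificate's SHA-256 fingerprint.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# check_cert FILE EXPECTED_SHA256
# Succeeds only if FILE is DER and matches the digest recorded on the machine
# where the certificate was exported. Colons and upper case are accepted.
check_cert() {
    enc=$(cert_encoding "$1")
    if [ "$enc" != der ]; then
        echo "refusing $1: encoding is $enc, expected der" >&2
        return 1
    fi
    actual=$(file_sha256 "$1")
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "refusing $1: sha256 $actual does not match $expected" >&2
        return 1
    fi
    echo "ok $1 sha256=$actual"
}

# Usage on the WebSphere host (file, alias and keystore as in the sample command):
#   check_cert servercert.der "$DIGEST_FROM_SOURCE_MACHINE" &&
#     keytool -import -trustcacerts -file servercert.der -alias myserveralias \
#       -keystore trust.p12 -storetype PKCS12
```

Run file_sha256 on the exported file on the source machine to obtain the digest, and transfer that value separately from the certificate file itself.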