Configuring the certificate authority

Configuring the certificate authority includes configuring WebSphere® Application Server to support Secure Sockets Layer (SSL) client authentication, and adding the signer certificate for your organization to the truststore.

About this task

Signer certificates establish the trust relationship in SSL communication. The signer certificate determines whether a user certificate is accepted. After a signer certificate is accepted, the LDAP server looks up the user in the registry. If the user is found, the HCL Compass Web logon window opens.

Procedure

  1. Configure WebSphere Application Server to support SSL client certificates.
    1. In the WebSphere Application Server administrative console, click Security > SSL certificate and key management.
    2. Under Related Items, click SSL configurations.
    3. In the SSL configurations table, click either a node name, or NodeDefaultSSLSettings if you are using default settings.
    4. Under Additional Properties, click Quality of protection (QoP) settings.
    5. Select Supported from the Client certificate authentication list.
      Important: Do not select Required. Otherwise, you cannot log on to the WebSphere Application Server administrative console.
    6. Click Apply. Then, click Save.
  2. Add the signer certificate to the WebSphere Application Server truststore.
    1. Click Security > SSL certificate and key management.
    2. Under Related Items, click Keystores and certificates.
    3. In the keystore types table, click either a truststore or NodeDefaultTrustStore if you are using the default settings.
    4. Under Additional Properties, click Signer certificates.
    5. Click Add.
      • In the Alias field, type an alias name to represent the signer certificate.
      • In the File name field, type the path and file name of the signer certificate.
        Important: The file must be located on the WebSphere Application Server host. If you are using OpenSSL, then you must give the path to the .pem file.
      • Select Base64-encoded ASCII data from the Data type list.
      • Click Apply. Then, click Save.
    For more information about configuring the client certificate authority, including guidance on complex deployment scenarios, see the following WebSphere Application Server Information Center help topics:
    • Secure Socket Layer client certificate certification (V8.0, V8.5)
    • Adding a signer certificate to a keystore (V8.0, V8.5)
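
A pre-import check for the signer certificate file used in step 2, as an added example that is not part of the original procedure or of any HCL or IBM tooling: it confirms that the file really is Base64-encoded (PEM) data, as the Data type selection expects, and computes a SHA-256 fingerprint that you can compare with the value published by your certificate authority before you trust the signer. The function names and the sample bytes are assumptions made for illustration; the check is structural only and does not validate signatures, validity dates, or CA constraints.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

# Constructed sample: a tiny ASN.1 SEQUENCE standing in for a certificate body.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def der_is_complete_sequence(der):
    """True if der is exactly one ASN.1 SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        header, body_len = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + body_len


def inspect_signer_file(data):
    """Return (data_type, [sha256 fingerprints]) for signer certificate bytes.

    data_type is None when the bytes are neither well-formed PEM nor a single
    DER structure (for example a truncated copy or a corrupted Base64 body).
    """
    blocks = PEM_RE.findall(data)
    if blocks:
        try:
            ders = [base64.b64decode(b"".join(b.split()), validate=True)
                    for b in blocks]
        except ValueError:                 # binascii.Error is a ValueError
            return None, []
        data_type = "Base64-encoded ASCII data"
    else:
        ders, data_type = [data], "Binary DER data"
    if not all(der_is_complete_sequence(d) for d in ders):
        return None, []
    return data_type, [hashlib.sha256(d).hexdigest() for d in ders]
```

To check a real file, pass its contents, for example `inspect_signer_file(open(path, "rb").read())`, where `path` is the value you intend to type in the File name field.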