IBM WebSphere – SSL Instructions

Like the majority of server systems you will install your SSL certificate on the same server or keystore  where your Certificate Signing Request (CSR) was created. Your private key will always be left on and inside the  server system and keystore where the CSR was originally created.

Your SSL certificate will not work without original keystore file. We will assume that this is the original system. If you lose your keystore file or your password to access it. your SSL Certificate will no longer match and you will need to replace the certificate.

IBM WebSphere is a very complex system. These instructions are from a best effort to make certificate installation as simple as possible. For configurations and binding refer to IBM documentation at the end of this article.

Step 1: Picking up your SSL Certificate & its Intermediate CA certificate:

1. If you had the option of server type during enrollment and selected Other you will receive a x509/.cer/.crt/.pem version of your certificate within the email. Alternately you can access your Certificate User Portal by the supplied link in the email to pick up the x509 version of your certificate.
2. Copy the SSL certificate and make sure to copy the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– header and footer Ensure there are no white spaces, extra line breaks or additional characters.
3. Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .cer
4. If your intermediate CA certificate for your product is not in the body of the email you can access your Intermediate CA also in a link within that email. Copy and paste the contents of your Intermediate CA into its own Notepad file and save it with a .cer extension also.
   Note: Some CAs may require two intermediates for best compatibility. These two are to be copied within their own corresponding .cer files and installed one at a time in a repeated process for intermediate installation.
5. Getting your Root CA will vary and you may have to consult your CA in order to get this. It must be in its own Notepad file and saved with a .cer extension. Click here to see a list of intermediate and root the SSL Support Desk has on file.

2: Importing your Intermediate & Root Certificates:

1. Start the Key Management Utility (iKeyman).
2. Click on Key DataBase File
3. In the Open window under Key database type drop down menu select JKS and then click Browse.. locate the keystore file you created back when you generated your CSR.
   Note: Key database type is chosen based on previous CSR generation instructions. If you did not generate a JKS keystore then select the type you used during your CSR generation.
4. Click Open.
5. Enter the password, then click OK.
   
6. From the Key database content drop down menu select Signer Certificates, and then click Add.
   
7. Browse to the location of your Root.cer file.
   Note: you may have to click the Files of Type drop down and select All Files to find your files.
8. Click Open.
9. In the Enter a Label window. Specify a friendly name for this such as “root” or” “intermediate” certificate then click OK.
   
10. Your Root certificate has been added.
11. Repeat this process again for your Intermediate.cer file.

Step 3: Installing your Server Certificate:

1. Under the Key Database content drop down menu select Personal Certificates, and then click Receive.
   
2. In the popup window click Browse…  and specify the location and path of your .crt server certificate.
3. Click OK.

Congrats you have installed your Server certificate on your IBM WebSphere.

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.

IBM Support:
for more information refer to IBM