Obtaining the root certificate

Download a certificate authority's (CA) root certificate. After you download the certificate, you must add it to the IBM® WebSphere® Application Server truststore. For connections to AOL, download the Equifax Secure CA because this certificate is used by both communities. For connections to XMPP communities, you must determine what root certificate, if any, is being used, and then check to see if WebSphere Application Server already recognizes the certificate, and, if necessary, download and add the certificate to your truststore.

About this task

XMPP communities are free to use either a TLS/SSL or TCP connection, so a certificate may not be needed. If the XMPP community is using TLS/SSL, the root certificate CA may already be in the WebSphere Application Server truststore. If not, you must obtain it.

Procedure

  1. To obtain the same certificate used by AOL:
    1. Go to GeoTrust Root Certificates and download the Equifax Secure Certificate Authority.
    2. In the list of certificates, navigate to the following: 
      All other SSL certificates except for Quick SSL:
Equifax Secure Certificate Authority
    3. Select the following download: 
      Download - Equifax Secure Certificate Authority (Base-64 encoded X.509)
    4. Add this root CA to your WebSphere Application Server truststore (see next step in setting up SSL).
  2. AOL users require additional certificates:
    1. Navigate to AOL Root Certifier Authority Website and download both the "America Online Root CA 1" certificate and the "America Online Root CA 2" certificate.
    2. Navigate to AOL® Member Security PKI and download the "AOL Member CA" certificate.
  3. To obtain a root certificate used by a XMPP community:
    1. Check with the XMPP community to determine which trusted certificate authority they are using.
    2. Determine if WebSphere Application Server supports the certificate.
    3. If the certificate is recognized, there's nothing more to do on this step.
    4. If the certificate is not recognized, obtain the certificate from the CA and add it to your truststore (see next step in setting up SSL).

What to do next

If for any reason the root certificate authority for an instant messaging community changes or you add an additional instant messaging community to your Sametime® Gateway, you must explicitly add the new root CA to your WebSphere Application Server truststore.