Technical Blog Post
Abstract
WebSphere Application Server for z/OS - Choosing a default SSl certificate
Body
If there is no cell default certificate SSL setting, then JSSE will pick one.
To set a default do the following:
- In your Deployment Manager environment, logon to the Admin console.
- Go to Security --> SSL certificates and key management --> manage endpoint security configurations.
- Under inbound, select the entry that contains your cell name followed by "(CellDefaultSSLSettings,)".
- Next click on update certificate alias list under SSL configuration.
- Next click the down arrow in the drop down list box for Certificate alias in key store.
- From the list select the default personal certificate you want to use.
- Click on OK.
- Click on Save.
- From the SSL Certificate and Key Management --> Manage endpoint security configurations, you should now see the name of the certificate you selected following "(CellDefaultSSLSettings,".
- You have now selected your desired default personal certificate.
The cell level security.xml sslconfiggroups entry should now have a certificateAlias entry where "xxxxx" is whatever you chose:
<sslConfigGroups xmi:id="SSLConfigGroup_1" name="d8cell"
direction="inbound" certificateAlias="xxxxxx" sslConfig="SSLConfig_1"
managementScope="ManagementScope_1" />
title image (modified) credit: (cc) Some rights reserved by Arvin61r58
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"","label":""},"Component":"","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}}]
UID
ibm11080651