This post will guide you on how to create and configure custom keystores and truststores instead of using the default keystores and truststores that are created during the profile creation.<\/p>\n
Imagine if you have two or more applications running on the same application server profile, Then we can use this feature if any application needs specific certificates. The keystores and truststores can be configured at server\/cluster level.<\/p>\n
-> Default Keystores and Truststores are created and configured by default at cell level during the profile creation.<\/p>\n
-> Custom Keystores and Truststores can be created and configured for at server\/application\/cluster\/node level. This will ensure the keystores are independent of other applications.<\/p>\n
Incase of the following error:<\/strong><\/b><\/p>\n Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure<\/p>\n The following steps can be used to fix this error.<\/p>\n Creation of Keystore and Truststores from console:<\/strong><\/b><\/p>\n Step 1: \u00a0<\/strong><\/b>Navigate to Security >SSL certificate and key management > Manage endpoint security configurations > Inbound > NodeName > ServerName >\u00a0\u00a0Key stores and certificates > New<\/p>\n Step 2:<\/strong><\/b> Fill the relevant fields.<\/p>\n Name :<\/strong><\/b> CustomKeystore Step 3: <\/b>Once you click on apply, a file with the name that you have given in the path will be created.<\/p>\n Step 4:<\/strong><\/b> The same process can be followed to create a trust store.<\/p>\n With the above steps, The keystore and truststores are created.<\/p>\n Now to configure the websphere application server to identify these keystores and truststores and override the default keystore and truststore properties, The following steps are required to be followed.<\/p>\n Step 1: <\/b>Login to the websphere application server console,<\/p>\n Step 2: <\/strong><\/b>Navigate to Servers > Server Types > WebSphere application Servers > Server (Select the server that you want these customized keystores to be used) > Java and Process Management > Process Definition > Java Virtual Machine<\/p>\n Step 3:\u00a0 <\/strong><\/b>Add these following properties to the Generic arguments.<\/p>\n -server -Djavax.net.ssl.trustStore=Path to truststore\/trust.p12 -Djavax.net.ssl.trustStorePassword=WebAS -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.keyStore=Path to Keystore\/key.p12 -Djavax.net.ssl.keyStorePassword=WebAS -Djavax.net.ssl.keyStoreType=PKCS12<\/p>\n Step 4: \u00a0<\/strong><\/b>Apply the settings and restart the JVM and check the process information<\/p>\n ps -eaf | grep java | grep <servername><\/p>\n This should reflect the parameters added in the Generic arguments.<\/p>\n That’s it. You are now using the customized keystores and certificates.<\/p>\n","protected":false},"excerpt":{"rendered":" This post will guide you on how to create and configure custom keystores and truststores instead of using the default keystores and truststores that are created during the profile creation.<\/p>\n Imagine if you have two or more applications running on the same application server profile, Then we can use this feature if any application needs […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5671"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5671"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5671\/revisions"}],"predecessor-version":[{"id":5672,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5671\/revisions\/5672"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nDescription : <\/strong><\/b>Keystore specific to an application
\nManagement\u00a0scope:<\/strong><\/b>\u00a0This\u00a0is\u00a0grayed\u00a0out,\u00a0This\u00a0shows the scope it is currently in, (Cell)(Node)(Server) ->\u00a0It\u00a0belongs to server\u00a0scope.
\nPath : <\/strong><\/b>The Path Where you want the keystore.p12 to be created.
\nPassword : <\/strong><\/b>Defualt will be WebAS
\nType :<\/strong><\/b> I have choosen p12, You can choose what ever you want to use.
\nRemotely Managed :<\/strong><\/b>\u00a0In case\u00a0if the path of the key file is present in a remote server, You have to check this\u00a0option and provide the alias name of that server which is present in serverindex.xml or else error will be displayed.<\/p>\n