Use IKeyman to add the CA certificate to the WPS JRE truststore Acquire a

Use ikeyman to add the ca certificate to the wps jre

This preview shows page 21 - 26 out of 26 pages.

Use IKeyman to add the CA certificate to the WPS JRE truststore Acquire a base64 ASCII encoded version of the CA certificate which signed the Webservers certificate, either PEM or DER format is fine. Start the IKeyman tool by executing <WPS_HOME>/AppServer/bin/ikeyman.bat
Background image
Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet 22 Cognos Proprietary Information Select open a keystore
Background image
Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet 23 Cognos Proprietary Information Find cacertsat <WPS_HOME>/AppServer/java/jre/lib/security by clicking “Browse” in the file open dialog. Change the “Files of Type” filter to see it listed. Click “Open” Ensure “Key database type” is “JKS” and click “OK”
Background image
Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet 24 Cognos Proprietary Information You will get prompted for a password, by default this is “changeit” (without quotes) Enter this and click OK. You will now see a list of all the CA certificates the JRE trusts out of the box. If your Webserver certificate was signed by one of the commercial entities in this list you’re most probably done. If it doesn’t work then just import your CA anyway. Click “Add”
Background image
Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet 25 Cognos Proprietary Information Find your CA certificate by browsing for it. The type depends on whether you got a PEM (base64-encoded ASCII) or DER (binary DER) file. Click OK The tool will prompt you for an alias name to assign to this certificate. Just choose any but using the name of your company or the CA itself is a good practice like “Cognos CA” or “MyCA”. Click OK. You’ll now find your Certificate being listed. Done. You can close the tool, no additional save needed.
Background image
Enabling Single-Sign-On on WebSphere Portal in IBM Cognos ReportNet 26 Cognos Proprietary Information Use keytool add the CA certificate to the WPS JRE truststore Acquire a base64 ASCII encoded version of the CA certificate which signed the Webservers certificate, either PEM or DER format is fine. (So are PKCS#12 chains). Open a shell/command window and change to <WPS_HOME>/AppServer/java/jre/bin Issue the following command (all on one line) keytool –import –alias <AnAliasName> -file <absolute_path_to_cert> -keystore ../lib/security/cacerts –storepass changeitThis will have added the certificate with the given alias. To check issue keytool –list –keystore ../lib/security/cacaerts –storepass chageitthis will list all certificates with their alias and other information inside the keystore. For reference to keytool see
Background image

You've reached the end of your free preview.

Want to read all 26 pages?

  • Fall '19
  • IBM WebSphere Application Server, IBM Cognos, IBM WebSphere

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture