Configuring Java CAPS for SSL Support

To Issue a Certificate to Java CAPS

  1. Create a certificate request in the application server domain's default keystore, keystore.jks.


    <JavaCAPS>\appserver\domains\<domain_name>\config> runmqckm -certreq -create 
    -db keystore.jks -type jks -dn "CN=Client Identifier,O=SUN,OU=BI,L=BLR,C=IN" 
    -label "ibmwebspheremqmyuserid" -file myappj.req

    When prompted to create a password, type the default password changeit for the application server. The certificate label chosen was ibmwebspheremqmyuserid.

  2. Transfer the certificate request file (myappj.req) to the directory where the CA files are located, then change to this directory:


    <JavaCAPS>\appserver\domains\<domain_name>\config> copy myappj.req C:\myCAdir
    <JavaCAPS>\appserver\domains\<domain_name>\config> cd  C:\myCAdir
  3. Sign the application’s certificate by running the following:


    C:\myCAdir> runmqckm -cert -sign -db myCA.kdb -label "myCAcertificate" -expire 365 
    -format ascii -file myappj.req -target myappj.cer

    When prompted for a password, supply the CA key repository’s password. Refer to the first step in To Create a Certification Authority.

  4. Transfer the signed certificate (myappj.cer) and the public certificate of the CA (myCAcertfile.cer) back to C:\MYAPPJ:


    C:\myCAdir> copy myappj.cer <JavaCAPS>\appserver\domains\<domain_name>\config\
    C:\myCAdir> copy myCAcertfile.cer <JavaCAPS>\appserver\domains\<domain_name>\config
    C:\myCAdir> cd <JavaCAPS>\appserver\domains\<domain_name>\config
  5. Add the CA certificate to the Java CAPS keystore.


    <JavaCAPS>\appserver\domains\<domain_name>\config> runmqckm -cert -add 
    -db keystore.jks -type jks -file myCAcertfile.cer -label "theCAcertificate"

    When prompted for a password, supply the Java CAPS keystore password, changeit.

  6. Receive the certificate (now signed by the CA) into the Java CAPS keystore:


    <JavaCAPS>\appserver\domains\<domain_name>\config> runmqckm -cert -receive 
    -db keystore.jks -type jks -file myappj.cer

    When prompted for a password, supply the Java CAPS keystore password, changeit.

  7. Add the CA certificate to the truststore:


    <JavaCAPS>\appserver\domains\<domain_name>\config> runmqckm -cert -add 
    -db cacerts.jks -type jks -file myCAcertfile.cer -label "theCAcertificate"
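
A post-procedure check, added here as an example (it is not part of the original Java CAPS documentation): it parses the output of the JDK's keytool -list and confirms that the labels used in the steps above ended up as the right entry types. The function names, the sample listing and the assumption that keytool is on the PATH are all introduced for this example.

```python
import re
import subprocess

# Labels from the procedure above. JKS aliases are case-insensitive and keytool
# prints them in lower case, so comparisons below ignore case.
KEYSTORE_REQUIRED = {"ibmwebspheremqmyuserid": "PrivateKeyEntry",
                     "theCAcertificate": "trustedCertEntry"}
TRUSTSTORE_REQUIRED = {"theCAcertificate": "trustedCertEntry"}

# One entry line of `keytool -list`: "<alias>, <date>, <entry type>,"
ENTRY_RE = re.compile(r"^(.+?), .+, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),\s*$")

def parse_entries(listing):
    """Map lower-cased alias -> entry type from `keytool -list` output."""
    entries = {}
    for line in listing.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1).lower()] = m.group(2)
    return entries

def check_store(listing, required):
    """Return a list of problems; an empty list means the store looks right."""
    entries = parse_entries(listing)
    problems = []
    for label, wanted in required.items():
        found = entries.get(label.lower())
        if found is None:
            problems.append(f"missing entry: {label}")
        elif found != wanted:
            problems.append(f"{label}: expected {wanted}, found {found}")
    return problems

def list_store(path, password):
    """Run the JDK keytool on a real store (assumes keytool is on PATH)."""
    cmd = ["keytool", "-list", "-keystore", path, "-storepass", password]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

# Constructed sample listing (placeholder fingerprints): the signed certificate
# was added as a trusted certificate instead of being received onto its key.
SAMPLE_BAD = """Keystore type: jks
Your keystore contains 2 entries

thecacertificate, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
ibmwebspheremqmyuserid, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
"""

if __name__ == "__main__":
    print(check_store(SAMPLE_BAD, KEYSTORE_REQUIRED))
```

Against real stores, pass list_store("keystore.jks", ...) with KEYSTORE_REQUIRED and list_store("cacerts.jks", ...) with TRUSTSTORE_REQUIRED; a personal certificate that shows up as trustedCertEntry is not bound to a private key and cannot be used for the SSL handshake.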