Sun Java System Access Manager 7.1 Postinstallation Guide

To Configure a Secure WebSphere Instance

  1. Start ikeyman.sh, located in the WebSphere /bin directory.

  2. From the Signer menu, import the certification authority’s (CA) certificate.

  3. From the Personal Certs menu, generate the CSR.

  4. Retrieve the certificate created in the previous step.

  5. Select Personal Certificates and import the server certificate.

  6. From the WebSphere console, change the default SSL settings and select the ciphers.

  7. Set the default IBM JSSE SSL provider.

  8. Enter the following command to import the root CA certificate from the file you just created into the application server JVM keystore:


    $ app-server-root-dir/java/bin/keytool -import -trustcacerts -alias cmscacert \
        -keystore ../jre/lib/security/cacerts \
        -file /full_path_cacert_filename.txt

    app-server-root-dir is the root directory for the application server and full_path_cacert_filename.txt is the full path to the file containing the certificate.

  9. In Access Manager, update the following parameters in AMConfig.properties to use JSSE:


    com.sun.identity.jss.donotInstallAtHighestPriority=true
    com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.am.util.SecureRandomFactoryImpl
    com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory.JSSESocketFactory
    com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption

  10. Configure Access Manager in SSL Mode. For more information, see Configuring Access Manager in SSL Mode.
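
A check for the step 9 settings, added here as an example and not part of the original guide: it reads a properties file and reports any of the four JSSE parameters that are missing, misspelled, or cut short by a line wrap. The function names `get_prop` and `check_amconfig` and the sample file are constructed for this example; pass the path of your own AMConfig.properties to `check_amconfig`.

```shell
#!/bin/sh
# Added example: check the four JSSE settings from step 9 in AMConfig.properties.
# Assumes one key=value per line (no backslash continuations).
EXPECTED='com.sun.identity.jss.donotInstallAtHighestPriority=true
com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.am.util.SecureRandomFactoryImpl
com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory.JSSESocketFactory
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption'

# get_prop FILE KEY: print KEY's effective value (last definition wins,
# comments skipped, surrounding blanks and a trailing CR trimmed); fail if absent.
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        { line = $0; sub(/\r$/, "", line); i = index(line, "=")
          if (i == 0) next
          k = substr(line, 1, i - 1); v = substr(line, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) { val = v; found = 1 } }
        END { if (found) print val; else exit 1 }' "$1"
}

# check_amconfig FILE: report each setting; exit status is the number of problems.
check_amconfig() {
    fails=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        if got=$(get_prop "$1" "$key"); then
            [ "$got" = "$want" ] && { echo "OK       $key"; continue; }
            echo "MISMATCH $key: found '$got'"
        else
            echo "MISSING  $key"
        fi
        fails=$((fails + 1))
    done
    return "$fails"
}

# Constructed sample: one value wrapped across two lines, one key misspelled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
com.sun.identity.jss.donotInstallAtHighestPriority=true
com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.
am.util.SecureRandomFactoryImpl
com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory.JSSESocketFactory
com.iplanet.security.encyptor=com.iplanet.services.util.JCEEncryption
EOF
check_amconfig "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```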