Exchanging and configuring certificates for WebSphere application server

Last Updated: Jun 19, 2024

About this task

Use this procedure to exchange and configure certificates on a single application server or on multiple application servers.

Important:

For multiple application servers, repeat all steps for each application server.

Before you begin

Configure the WebSphere application server to work with POM.

Procedure

  1. Using the browser window, log in to the WAS web console as an administrator.
  2. Select Security > SSL certificate and key management > Key stores and certificates.
  3. Create a new key store with name myTrustStore.
  4. Type the valid path of the key store and type the password changeit.
  5. Fill in the mandatory details and click OK to create the key store.

    The system displays myTrustStore on the SSL certificate and key management page.

  6. Select myTrustStore > Signer Certificates.

    The system displays the root certificate generated by WAS.

  7. Select the Root Certificate tab, click Extract, and save the certificate to your local system.
  8. Type a file name where this certificate is extracted.
  9. Using the browser window, log in to the primary EPM as administrator.
    Note:

    For multiple POM servers, that is, primary or auxiliary, log in to the primary EPM.

  10. Select Security > Certificates > Upload Trusted Certificate.
  11. On the Upload Trusted Certificate tab, specify the name and browse to the path where you saved the certificate extracted in Step 5.

    WAS does not provide the option to configure SAN in its self-signed/root certificates. Therefore, you must do the following:

    1. On the Experience Portal, navigate to System Configurations > Applications.
    2. Configure the POM application URL using the hostname of the Application Server on https://<IP address>/VoicePortal/faces/home.jsf.
    3. For the hostname resolution, add the entry of the Application Server on EP/MPP and vice versa.
  12. Import the axis2 certificate.
  13. Select Import > Security > Certificates > Trusted Certificate.
  14. On the Root Certificate tab, click Export and save the certificate to your local system.
    Note:

    The name of the file is sipCA.pem.

  15. In the navigation pane, select Proactive Outreach > Manager.
  16. From the drop-down menu, select Configurations > Servers.
  17. Click Export on the listed certificate tab and save it on your local system.
    Note:

    If you have multiple POM servers, you must export and save all the POM certificates.

  18. On the WAS web console, select Security > SSL certificate and key management > Key stores and certificates > myTrustStore > Personal certificates.
  19. Create a new personal certificate.
  20. Fill in the mandatory details and click OK.

    The common name must be the hostname of the WAS system.

  21. Click Extract and save the certificate to your local system.
  22. On EPM, click Security > Certificate Trusted Certificates and upload the certificate saved in Step 21.
  23. Using the browser window, log in to the Avaya Orchestration Designer application server by specifying the URL https://<application server IP address>:port number/runtimeconfig using the default user name and the password as ddadmin.

    The system prompts you to set the runtimeconfig password at the first login to the local application server.

  24. On the Avaya Orchestration Designer web interface, do the following:
    1. In the navigation pane, click Certificates.
    2. Click Change.

      The system displays the Change Keystore page.

    3. In the Keystore Path field, type the path used in Step 5 for myTrustStore.
    4. In the Password field, type changeit.
    5. In the Confirm field, type changeit.
    6. Click Save.
    7. Click Add.

      The system displays the Add Certificate page.

    8. Type a name for the EPM certificate and browse to find the path where you saved the primary EPM root certificate exported in Step 14.
    9. Click Continue. The system displays the Certificates page.
    10. Click Save.
    11. Click Add. The system displays the Add Certificate page.
    12. Type a name for the POM certificate and browse to find the path where you saved the primary POM root certificate exported in Step 17.
    13. Click Continue.

      The system displays the Certificates page.

    14. Click Save.

      Install all POM applications one by one using the detailed option and repeat the steps used for deploying the runtimeconfig.ear file.

    15. Click Fetch to fetch the axis2 certificate for primary EPM.

      In a multiple POM server environment, you must fetch the axis2 certificate from all auxiliary EPM servers.

      The system displays the Add Certificate page.

    16. In the Name field, type the name of the certificate. For example, axis_prim or axis_aux.
    17. In the Location field, type the client URL as https://<EPM IP address>/axis2. The Avaya Orchestration Designer application fetches the axis2 certificate and adds it to the list of certificates.
    18. Click Continue. The system displays the Certificates page.
    19. Click Save.
  25. On the WAS system, in the POM Nailer application, select the data directory. Open the WASConfig.properties file and provide the location of the keystoreFile, keystoreType, and keystorePass.
  26. Repeat the above step for the POM Driver application.
  27. Using the browser window, log in to the EPM as an administrator and do the following:
    Note:

    For multiple POM servers, log in to the primary EPM.

  28. In the navigation pane, click Proactive Outreach > Manager.
  29. Click Configurations > Trusted Certificates.
    Note:

    In a multiple POM server environment, you must fetch the axis2 certificate from all auxiliary EPM servers.

  30. In the Name field, type the name of the certificate. For example, axis_prim or axis_aux.
  31. In the Location field, type the client URL as https://<EPM IP address>/axis2.
  32. Click Continue.

    The system displays the Certificates page.

  33. Click Save.
  34. Click Import.

    The system displays the Add Certificates page.

  35. Type a name for the EPM certificate and browse to find the path where you saved the primary EPM root certificate exported in Step 14.
  36. Click Continue.

    The system displays the Certificates page.

  37. Click Save.
  38. Click Import.

    The system displays the Add Certificates page.

  39. Type a name for the WAS personal certificate and browse to find the path where you saved the WAS personal certificate exported in Step 22.
  40. Click Continue.

    The system displays the Certificates page.

  41. Click Save.
    Note:

    Install all POM applications one by one using the detailed option and repeat the steps used for deploying the runtimeconfig.ear file.

  42. On the WAS system, in the POM Nailer application, select the data directory. Open the WASConfig.properties file and provide the location of the keystoreFile and keystorePass.
  43. Repeat these steps for the POM Driver application.
  44. Restart the application server, MPPs, and all auxiliary servers.
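
A check that can be run before the restart in Step 44 to confirm the WASConfig.properties entries from Steps 25 and 42. This is an added example, not code from Avaya or IBM. It assumes the file uses plain key=value lines without escapes or continuations; the function names, the file-permission check, and the sample file are constructed for illustration.

```python
import os
import stat
import tempfile

# Keys named in the procedure: step 25 lists all three, step 42 omits keystoreType.
STEP_25_KEYS = ("keystoreFile", "keystoreType", "keystorePass")
STEP_42_KEYS = ("keystoreFile", "keystorePass")

def load_properties(path):
    """Parse plain key=value or key:value lines; '#' and '!' start comments."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for line in map(str.strip, fh):
            if not line or line[0] in "#!":
                continue
            sep = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
            if sep > 0:
                props[line[:sep].strip()] = line[sep + 1:].strip()
    return props

def check_was_config(path, required=STEP_25_KEYS):
    """Return a list of problems; an empty list means the file passed every check."""
    props = load_properties(path)
    problems = [f"{k} is missing or empty" for k in required if not props.get(k)]
    keystore = props.get("keystoreFile")
    if keystore and not os.path.isfile(keystore):
        problems.append(f"keystoreFile does not exist: {keystore}")
    # The file carries the keystore password, so on POSIX only the owner should have access.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("WASConfig.properties is accessible to group or other")
    return problems

def demo():
    """Constructed sample: a temporary directory stands in for the data directory."""
    with tempfile.TemporaryDirectory() as d:
        keystore = os.path.join(d, "myTrustStore")
        open(keystore, "wb").close()
        cfg = os.path.join(d, "WASConfig.properties")
        with open(cfg, "w", encoding="utf-8") as fh:
            fh.write(f"# constructed sample\nkeystoreFile={keystore}\nkeystorePass=changeit\n")
        os.chmod(cfg, 0o644)
        loose = check_was_config(cfg)                 # step 25 keys, readable by others
        os.chmod(cfg, 0o600)
        strict = check_was_config(cfg, STEP_42_KEYS)  # step 42 keys, owner-only
    return loose, strict

if __name__ == "__main__":
    print(demo())
```

Run it against the WASConfig.properties file of both the POM Nailer and the POM Driver application, because each has its own data directory.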