Communication security is a necessity for almost all web applications. The Secure Sockets Layer (SSL) protocol provides secure, encrypted client-server communication through the use of certificates.
In my previous post I talked about the easy operations that PureApplication has for troubleshooting. In this post I’m going to talk about the operations available for certificate management on a Web Application Pattern Type 2.0 – Sample Secured Java EE Web application instance.
The deployed application instance comes with a default uniquely generated certificate – signed by the internal WebSphere root signer – valid for one year. To extend the default certificate’s expiration date, click Submit under Renew WebSphere Application Server application SSL certificate (as in some other operations, a confirmation dialog pops up).
The default certificate can be replaced with a certificate signed by an external certificate authority (CA). After filling in the fields under Create CA signer request, the signer request file (to be sent to the CA for signing) can be downloaded from the link in the Return Value column of the Operation Execution Results pane.
Once the CA provides the signed certificate, it can be imported and will replace the previous application certificate. The certificate can be base64-encoded PEM or binary-encoded DER and the file can be local or in a remote path (HTTP or HTTPS URL).
To connect the application securely to external services, import the SSL signer certificate into the WebSphere Application Server truststore. Again, the certificate can be base64-encoded PEM or binary-encoded DER and the file can be local or in a remote path (HTTP or HTTPS URL).
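Both import operations above accept PEM or DER files from a local path or an HTTP/HTTPS URL, so it is worth confirming before import that the file is the certificate the CA or service owner actually published, particularly when it was fetched over plain HTTP. The following added example (not part of the original post or of PureApplication) normalizes either encoding to DER and compares its SHA-256 fingerprint with one obtained out of band; the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL)

def check_der_envelope(der: bytes) -> None:
    """Reject data that is not one complete DER SEQUENCE (tag 0x30)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                       # short-form length
        header, body = 2, der[1]
    else:                                   # long-form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported DER length encoding")
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body != len(der):
        raise ValueError("DER length mismatch: truncated file or trailing data")

def to_der(data: bytes) -> bytes:
    """Return DER bytes for a certificate file in PEM or DER encoding."""
    blocks = PEM_RE.findall(data)
    if len(blocks) > 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    der = base64.b64decode(b"".join(blocks[0].split()), validate=True) if blocks else data
    check_der_envelope(der)
    return der

def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, so PEM and DER copies give the same value."""
    return hashlib.sha256(to_der(data)).hexdigest()

def matches_pinned(data: bytes, expected: str) -> bool:
    """Compare against a fingerprint received out of band (colons/case ignored)."""
    wanted = expected.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(fingerprint(data), wanted)

# Constructed stand-in for a certificate: a 12-byte DER SEQUENCE, not a real X.509 cert.
SAMPLE_DER = bytes([0x30, 0x0A, 0x02, 0x01, 0x01, 0x04, 0x05]) + b"hello"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    pinned = fingerprint(SAMPLE_DER)        # in practice, supplied by the CA or service owner
    print("PEM copy matches:", matches_pinned(SAMPLE_PEM, pinned))
    print("altered copy matches:", matches_pinned(SAMPLE_DER[:-1] + b"x", pinned))
```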
The Remove WebSphere Application Server truststore certificate operation removes a previously imported signer certificate from the truststore.
When an external service needs to connect securely to the application, export the signer part of the application certificate. The supported certificate encodings are base64-encoded PEM and binary-encoded DER. When the operation is complete, the file can be downloaded from the link in the Return Value column of the Operation Execution Results pane.
Lightweight Third-Party Authentication (LTPA) is the IBM authentication technology for Single sign-on (SSO) on WebSphere. To use SSO across multiple Virtual Application instances there are the Regenerate, Import and Export LTPA keys operations.
For more information check these IBM PureApplication System Information Center links: