Certificate management made easy in PureApplication’s Virtual Application instances


Communication security is a necessity for almost all web applications. The Secure Sockets Layer (SSL) protocol provides encrypted client-server communication using certificates.

In my previous post I talked about the easy operations that PureApplication has for troubleshooting. In this post I'm going to talk about the operations available for certificate management on a Web Application Pattern Type 2.0 – Sample Secured Java EE Web application instance.

The deployed application instance comes with a default uniquely generated certificate – signed by the internal WebSphere root signer – valid for one year. To extend the default certificate’s expiration date, click Submit under Renew WebSphere Application Server application SSL certificate (as in some other operations, a confirmation dialog pops up).

The default certificate can be replaced with a certificate signed by an external certificate authority (CA). After filling in the fields of Create CA signer request, the signer request file (to be sent to the CA for signing) can be downloaded from the link in the Return Value column of the Operation Execution Results pane.

Once the CA provides the signed certificate, it can be imported and will replace the previous application certificate. The certificate can be base64-encoded PEM or binary-encoded DER and the file can be local or in a remote path (HTTP or HTTPS URL).

To connect the application securely to external services, import the SSL signer certificate into the WebSphere Application Server truststore. Again, the certificate can be base64-encoded PEM or binary-encoded DER and the file can be local or in a remote path (HTTP or HTTPS URL).

The Remove WebSphere Application Server truststore certificate operation removes a previously imported signer certificate from the truststore.

When an external service needs to connect securely to the application, export the signer part of the application certificate. The supported certificate encodings are base64-encoded PEM and binary-encoded DER. When the operation is complete, the file can be downloaded from the link in the Return Value column of the Operation Execution Results pane.
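Before handing a file to the import operations above, or to decide whether the one-year default certificate is due for the renew operation, it helps to inspect the file locally. The following is an added example, not code from PureApplication or from the original post: it accepts either encoding the operations take (base64-encoded PEM or binary-encoded DER), reads the validity period straight from the X.509 DER structure with only the Python standard library, and reports the days remaining. The certificate skeleton it builds is a constructed sample for offline use, not a real certificate.

```python
import ssl
from datetime import datetime, timezone

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length
def _parse_time(tag, value):
    """ASN.1 UTCTime (tag 0x17, YYMMDD...) or GeneralizedTime (0x18, YYYYMMDD...)."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(value.decode("ascii"), fmt).replace(tzinfo=timezone.utc)
def validity(data):
    """Return (notBefore, notAfter) of an X.509 certificate given as PEM or DER bytes."""
    if data.lstrip().startswith(PEM_HEADER):
        data = ssl.PEM_cert_to_DER_cert(data.decode("ascii"))
    elif data[:1] != b"\x30":                    # DER always opens with a SEQUENCE tag
        raise ValueError("file is neither a PEM nor a DER certificate")
    _, cert, _ = _read_tlv(data, 0)              # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(cert, 0)               # tbsCertificate ::= SEQUENCE
    tag, _, pos = _read_tlv(tbs, 0)              # [0] EXPLICIT version, if present
    if tag == 0xA0:
        _, _, pos = _read_tlv(tbs, pos)          # serialNumber INTEGER
    _, _, pos = _read_tlv(tbs, pos)              # signature AlgorithmIdentifier
    _, _, pos = _read_tlv(tbs, pos)              # issuer Name
    _, val, _ = _read_tlv(tbs, pos)              # validity ::= SEQUENCE { Time, Time }
    t1, nb, pos = _read_tlv(val, 0)
    t2, na, _ = _read_tlv(val, pos)
    return _parse_time(t1, nb), _parse_time(t2, na)

def days_left(data, now=None):
    """Days until the certificate expires; negative once it has expired."""
    now = now or datetime.now(timezone.utc)
    return (validity(data)[1] - now).days

# Constructed sample: a minimal unsigned certificate skeleton with empty names and
# key, just enough to exercise the parser offline. It is NOT a usable certificate.
_tlv = lambda tag, body: bytes([tag, len(body)]) + body   # short-form lengths suffice

def sample(encoding="der", not_before="240101000000Z", not_after="250101000000Z"):
    utc = lambda s: _tlv(0x17, s.encode("ascii"))
    tbs = (_tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30, b"")
           + _tlv(0x30, b"") + _tlv(0x30, utc(not_before) + utc(not_after))
           + _tlv(0x30, b"") + _tlv(0x30, b""))
    der = _tlv(0x30, _tlv(0x30, tbs) + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))
    return der if encoding == "der" else ssl.DER_cert_to_PEM_cert(der).encode("ascii")
```

On a real file, `days_left(open("app.crt", "rb").read())` gives the number to watch; a certificate created by the default deployment sits at 365 on day one.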

Lightweight Third-Party Authentication (LTPA) is the IBM authentication technology for single sign-on (SSO) on WebSphere. To use SSO across multiple Virtual Application instances, use the Regenerate, Import and Export LTPA keys operations.

For more information check these IBM PureApplication System Information Center links:


Gabriel Piedade

About Gabriel Piedade

Gabriel is an IT Specialist who has worked at IBM for more than 6 years in Integrated Technology Delivery SSO, Hortolandia, São Paulo, Brazil, where he develops and implements middleware solutions mainly with the WebSphere family. He holds a Bachelor's degree in Computer Engineering and a number of IBM certifications. Follow Gabriel on Twitter @grpiedade