To avoid criticalities during this activity, it’s advisable to take backups of the keystore.
• Take the backup of both key.p12 and trust.p12 from the location as mentioned below :
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/*******Cell01
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/*******Cell01/nodes/*******Node01
• Get the required certificate(signaturevalidation and encryption certs) for renewal in .PEM format (Only this format). Certificate can be copied from Metadata file provided by partner. Copy the certificate in the notepad and add Begin and end certificate tags in Beginning and End and save the file in .cer format.
• Import both the certs in DefaultTrustedKeyStore in TFIM (testonly is the password for DefaultTrustedKeyStore).
• Load the Configuration in TFIM.
• Choose the required partner and click on properties.
• Under Signature Validation key, choose keystore >DefaultTrustedKeyStore, provide password and select the signature_validation.crt.
• Under Encryption Key Identifier, choose keystore >DefaultTrustedKeyStore, provide password and select the encryption.crt.
• No changes required under Server Validation Certificate
• Load the Configuration.
• Validate the changes
• Check the partner status(should be enabled) before testing the federation.
• Restart WAS if federation fails to work.(Not Mandatory)
Thanks,
Nandavaram Pavan Kumar
• Take the backup of both key.p12 and trust.p12 from the location as mentioned below :
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/*******Cell01
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/*******Cell01/nodes/*******Node01
• Get the required certificate(signaturevalidation and encryption certs) for renewal in .PEM format (Only this format). Certificate can be copied from Metadata file provided by partner. Copy the certificate in the notepad and add Begin and end certificate tags in Beginning and End and save the file in .cer format.
• Import both the certs in DefaultTrustedKeyStore in TFIM (testonly is the password for DefaultTrustedKeyStore).
• Load the Configuration in TFIM.
• Choose the required partner and click on properties.
• Under Signature Validation key, choose keystore >DefaultTrustedKeyStore, provide password and select the signature_validation.crt.
• Under Encryption Key Identifier, choose keystore >DefaultTrustedKeyStore, provide password and select the encryption.crt.
• No changes required under Server Validation Certificate
• Load the Configuration.
• Validate the changes
• Check the partner status(should be enabled) before testing the federation.
• Restart WAS if federation fails to work.(Not Mandatory)
Thanks,
Nandavaram Pavan Kumar
No comments:
Post a Comment