Install rootca certificate into default java store
Jun 22, 2012 20:02 0 Comments Security Hawk


Install idnrootca certificate into default java store

This command needs to be executed on the box where you installed webMethods to install Root CA Certificate into your default java store.


$: pwd
->  /opt/softwareag/wm80_01/jvm/linux160_32/jre/lib/security
$: /opt/softwareag/wm80_01/jvm/linux160_64/jre/bin/keytool -importcert -alias idnrootca -file /opt/softwareag/install/WM/webMethods-configurator/security/root/root.der -keystore cacerts -storepass changeit


Generate your certificates

Install the Certificate Toolkit by running the Webmethods Installer.
Follow the steps found in the CertificateToolkitUsersGuide.pdf or alternatively, follow this simple guide 
SSL Certificate Setup using WM CertificateToolKit .
You will need to generate a private key and a certificate signing request (CSR).

Sign your certificate

You can get a CA such as verisign to sign it. Or you can sign it yourself. Here's how:

  1. Download OpenSSL. I used
  2. Once you have installed it go to the OpenSSL bin directory.
  3. You'll need to configure the Root CA, you can do this by first deleting PEM directory and running the following commands:
  4.   openssl md5 * > rand1.dat
  5.  openssl genrsa -rand rand1.dat -des3 1024 > ca.key
  6.  openssl req -new -key ca.key -out ca.csr
  7. openssl x509 -in ca.csr -out ca.crt -req -signkey ca.key -days 3650
  8. Now you can self sign the certificate. Note that you need to replace csr.pem with the CSR filename you created previously.
  9. Note: To specify certificate's expiry date, add option -days at the end of this command below
  10. openssl x509 -req -in csr.pem -out cert.crt -CA ca.crt -CAkey ca.key -CAcreateserial


Convert the Signed Certificate and CA root certficate to the DER format

Again, read CertificateToolkitUsersGuide.pdf. It will tell you how to convert a CRT to DER format.
You will need to convert ca.crt and cert.crt to DER format. ca.crt is the CA root certificate. cert.crt is the server certificate.


Copy the server private key, server certicate and CA root certifcate to the webmethods server.

If you're copying it to a UNIX server remember to set the transfer mode to binary.
You can copy the certificates anywhere under the IntegrationServer directory.
Config directory is a good place.
For example:

  1. CA Root - config/cas/ca.der
  2. Server Certificate - config/cert.der
  3. Server Private Key - config/privateKey.der (you generated this using the certificate toolkit in the very first step)

Add certificates to the server using the IS admin console

Refer to this document IntegrationServerAdminGuide.pdf
Or you can enter the details like so:


Create a Https Port

Again, refer to this document IntegrationServerAdminGuide.pdf.
In the diagram below, the port is using the certificate setup defined in the "Add certificates ..." step.





Test HTTPS Port

Ensure that your browser settings does not use a proxy.
Then try testing by invoking via URL: https://:


Prev Next
About the Author
Topic Replies (0)
Leave a Reply
Guest User

You might also like

Not sure what course is right for you?

Choose the right course for you.
Get the help of our experts and find a course that best suits your needs.

Let`s Connect