Maximo Open Forum

 Issue importing renewed SSL certificate in WebSphere

Danny Cordeau posted 11-28-2024 11:24

Hi guys!

Maximo 7.6.1.3 here (7.6.1.3-IFIX20240319-1830) with WAS 9.0.5.19 (9.0.5019.20240304_1205)

I had to renew my SSL certificate for the next year with ikeyman. I received the new certificate (Sectigo) and I installed it in ikeyman. Validation is ok so I guess work is done here.

I then open WebSphere, go to Security -> SSL certificate and key management -> Key stores and certificates and I open CMSKeyStore. In Personal certificates, I click on "Import...", select my Key store file, the type, the password and when I click on "Get Key File Aliases", I obtain a null message...


Do you have any idea what I should do to import my new certificate?

TIA

Danny

Sankar Ganesh V S

Hi Danny,

If you have already imported via iKeyman, it should reflect in the CMSStore. If not, please verify the filepath and keystore type (personal/signer) at iKeyman.
Alternatively, you may import the certificate via WebSphere.

Go to the 'key store file' option and provide the path of the certificate file, password, etc.
Click the 'Get certificate alias' button.
Select the certificate from the 'Certificate alias to import' drop-down menu. Click 'Apply'.

IBM Doc Ref: https://www.ibm.com/docs/en/order-management-sw/9.5.0?topic=encryption-importing-secure-sockets-layer-ssl-certificates-websphere

Danny Cordeau

Hi Sankar,

Thanks for your answer. Sadly, the answer you provided me is already what I tried to do. As soon as I click on the "Get Key File Aliases" button, the "null" message appears, so there is no "Certificate alias to import". Here is a screenshot from my WebSphere instance:

Sankar Ganesh V S

From the 'screenshot', I can see the path of the '.kdb' file (D:/KeyStore/key.kdb).
It must be the path of the certificate ('.pfx' file).

Danny Cordeau

I always put the path to the kdb file. By entering the password and clicking on Get Key File Aliases, the work is usually done. I did as you said and I still get the same message:

Danny Cordeau

Finally, one of my colleagues and I managed to import the SSL certificate. @Sankar Ganesh V S, you were right! In iKeyMan, I opened my kdb file to validate my certificate and I exported it in a p12 file. Then in WAS, I imported that new certificate with the path to the p12 file. It worked like a charm!

Have a nice day!

Danny
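
The export step from the last post (kdb to p12) can also be done from the command line and checked before the file is handed to the WebSphere import dialog. This is an added example, not something posted in the thread; it assumes `ikeycmd` (the command-line counterpart of iKeyman) and `keytool` are on the PATH, and the output path `D:\KeyStore\key.p12` and the certificate label are placeholders.

```powershell
# Added example: export a personal certificate from a CMS .kdb to PKCS#12
# and confirm the result contains a private-key entry.
$Kdb   = 'D:\KeyStore\key.kdb'      # path mentioned in the thread
$P12   = 'D:\KeyStore\key.p12'      # assumed output path
$Label = '<certificate-label>'      # placeholder: the label shown in iKeyman

# Prompt for passwords instead of storing them in the script.
function Read-Plain([string]$Prompt) {
    $secure = Read-Host -Prompt $Prompt -AsSecureString
    [System.Net.NetworkCredential]::new('', $secure).Password
}
$KdbPw = Read-Plain 'Password of key.kdb'
$P12Pw = Read-Plain 'Password for the new key.p12'

# Export the certificate together with its private key from the CMS store.
# Note: the passwords are visible in the process command line while this runs.
& ikeycmd -cert -export -db $Kdb -pw $KdbPw -label $Label -type cms `
          -target $P12 -target_pw $P12Pw -target_type pkcs12
if ($LASTEXITCODE -ne 0) { throw "ikeycmd export failed (exit code $LASTEXITCODE)" }

# List the PKCS#12 file; the alias printed here is the one to pick in WAS
# under "Certificate alias to import".
$listing = & keytool -list -keystore $P12 -storetype PKCS12 -storepass $P12Pw
if ($LASTEXITCODE -ne 0) { throw "keytool could not read $P12" }
$listing

# A personal certificate import needs the key, not just the certificate.
if (-not ($listing -match 'PrivateKeyEntry')) {
    throw "$P12 has no private-key entry; re-export with the correct label"
}

# The .p12 holds the private key: restrict its ACL or delete it after the import.
```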