Accessing an HTTPS web service from WAS web client
Calling an HTTPS web service is a hell, if all our configurations are not correct. Accessing or calling a secured or HTTPS web service from a WAS web client, involves some configuration at the WAS side. If we miss these configurations we will get some nice SSL exceptions.
In order to get rid of all these SSL exceptions we need to import the server certificate to WAS trust store. So first extract the server certificate. To extract the server security certificate enter the URL in the browser (I was using IE). The browser will show the security alert pop up. Click on View Certificate
Now click on the Details tab and click on ‘Copy to File’ button
The certificate export wizard will be open. Click on Next button. From the export file format page accept the default values (DER encoded binary X.509 (.CER) will be selected by default) and click on next.
In the next screen enter the location where we want to store our certificate. (I used d:\wps.cer)
Click next and finish. We will be presented with a dialog box saying ‘The export was successful’. OK. We have done with our certificate export. The next step is to import the SSL certificate to server trust file.
For importing the SSL certificate to WebSphere Application Server’s trust store we need to know the location of the trust store file. To check the SSL setting, login to admin console. Click on SSL under security menu. From the SSL configuration repertoires page click on your SSL settings configuration link. Find out the trust file name and path under Trust file section.
If you are using the default settings the trust file name will be DummyServerTrustFile.jks. The default path will be WAS_INSTALL_DIR/profiles/ /etc/
Now go to WAS_INSTALL_DIR/bin directory and execute the iKeyMan.bat file. The IBM Key Management utility will be opened up. Click on ‘Key Database File’ and select open. From the dialog box opened select Key database type as JKS and enter the Server trust file name and path (DummyServerTrustFile.jks in my case).
Click on OK button. You will be prompted to enter the password. If you are using the default server trust file the default password for DummyServerTrustFile.jks is WebAS. Enter the password and click on OK.
Click on Add and select the server SSL certificate file which we extracted using Internet Explorer. (If you are not able to find the add button, select the Signer certificates under Key database content drop down) Click on OK button. You will be prompted to enter a label for the certificate. Enter the label you want for the certificate and click on OK. The server SSL certificate will be added to the WebSphere Application Server trust store. You are done. Close IBM Key Management tool and restart the application server. Now you will be able to access HTTPS web service from within your WebSphere Application Server without any problems.