Updating the WebSphere Application Server default truststore for TLS connections with Eclipse Amlen

To use Transport Layer Security (TLS) communication with an Eclipse Amlen server, the WebSphere® Application Server must retrieve a signer certificate from a secure remote port during the handshake. After the signer certificate is retrieved, the signer certificate is added to a truststore.

The truststore that is to contain the signer certificate must exist. The Eclipse Amlen server must be running.

These steps are based on a non-cluster installation for WebSphere Application Server version 8.5. Complete the following steps in the administrative console to update the default truststore.

  1. Log on to the WebSphere Application Server administrative console.
  2. Click Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates > Retrieve from port.
  3. Enter the host name or the IP address for your Eclipse Amlen server.
  4. Enter the port number for the secure port on your Eclipse Amlen server that you want to access from WebSphere Application Server.
  5. Enter an alias name for the signer certificate.
  6. Click Retrieve signer information.
    A message window displays information about the retrieved signer certificate, such as the serial number, issued-to and issued-by identities, SHA hash, and expiration date.
  7. Click OK.
    This action indicates that you accept the credentials of the signer.
  8. Click Save.

The signer certificate that is retrieved from the remote port is stored in the truststore.
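
Step 7 accepts whatever certificate the remote port presented, so the SHA hash shown in step 6 is worth comparing with a digest computed from a copy of the certificate obtained directly from the Eclipse Amlen administrator before you click OK. The following Python sketch of that comparison is an added example, not part of the original procedure or of WebSphere Application Server or Eclipse Amlen. The function names are hypothetical, the sample certificate is constructed placeholder bytes, and the colon-separated display format is an assumption.

```python
import hashlib
import hmac
import ssl

# Digest algorithm inferred from the hex length of the value the console shows.
ALG_BY_HEX_LEN = {40: "sha1", 64: "sha256"}

# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")


def normalize_digest(displayed):
    """Return the displayed digest as lowercase hex without ':' or whitespace."""
    hexstr = "".join(displayed.replace(":", "").split()).lower()
    if len(hexstr) not in ALG_BY_HEX_LEN or set(hexstr) - set("0123456789abcdef"):
        raise ValueError("not a SHA-1 or SHA-256 digest: %r" % displayed)
    return hexstr


def fingerprint(pem, alg):
    """Hash the DER encoding of a PEM certificate, as certificate viewers do."""
    return hashlib.new(alg, ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def digest_matches(trusted_pem, displayed):
    """True only if the console's digest equals that of the trusted copy."""
    shown = normalize_digest(displayed)
    expected = fingerprint(trusted_pem, ALG_BY_HEX_LEN[len(shown)])
    return hmac.compare_digest(expected, shown)


if __name__ == "__main__":
    # Simulate the console display (assumed format: colon-separated upper case).
    raw = fingerprint(SAMPLE_PEM, "sha256").upper()
    shown = ":".join(raw[i:i + 2] for i in range(0, len(raw), 2))
    print("match" if digest_matches(SAMPLE_PEM, shown) else "MISMATCH: do not click OK")
```

In practice, pass the contents of the PEM file received from the Amlen administrator as `trusted_pem` and paste the SHA hash from the message window as `displayed`.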