Install rootca certificate into default java store
Install idnrootca certificate into default java store
This command needs to be executed on the box where you installed webMethods to install Root CA Certificate into your default java store.
Generate your certificates
Install the Certificate Toolkit by running the Webmethods Installer.
Follow the steps found in the CertificateToolkitUsersGuide.pdf or alternatively, follow this simple guide SSL Certificate Setup using WM CertificateToolKit .
You will need to generate a private key and a certificate signing request (CSR).
Sign your certificate
You can get a CA such as verisign to sign it. Or you can sign it yourself. Here's how:
- Download OpenSSL. I used http://www.slproweb.com/products/Win32OpenSSL.html
- Once you have installed it go to the OpenSSL bin directory.
- You'll need to configure the Root CA, you can do this by first deleting PEM directory and running the following commands:
- openssl md5 * > rand1.dat
- openssl genrsa -rand rand1.dat -des3 1024 > ca.key
- openssl req -new -key ca.key -out ca.csr
- openssl x509 -in ca.csr -out ca.crt -req -signkey ca.key -days 3650
- Now you can self sign the certificate. Note that you need to replace csr.pem with the CSR filename you created previously.
- Note: To specify certificate's expiry date, add option -days at the end of this command below
- openssl x509 -req -in csr.pem -out cert.crt -CA ca.crt -CAkey ca.key -CAcreateserial
Convert the Signed Certificate and CA root certficate to the DER format
Again, read CertificateToolkitUsersGuide.pdf. It will tell you how to convert a CRT to DER format.
You will need to convert ca.crt and cert.crt to DER format. ca.crt is the CA root certificate. cert.crt is the server certificate.
Copy the server private key, server certicate and CA root certifcate to the webmethods server.
If you're copying it to a UNIX server remember to set the transfer mode to binary.
You can copy the certificates anywhere under the IntegrationServer directory.
Config directory is a good place.
- CA Root - config/cas/ca.der
- Server Certificate - config/cert.der
- Server Private Key - config/privateKey.der (you generated this using the certificate toolkit in the very first step)
Add certificates to the server using the IS admin console
Refer to this document IntegrationServerAdminGuide.pdf
Or you can enter the details like so:
Create a Https Port
Again, refer to this document IntegrationServerAdminGuide.pdf.
In the diagram below, the port is using the certificate setup defined in the "Add certificates ..." step.
Test HTTPS Port
Ensure that your browser settings does not use a proxy.
Then try testing by invoking via URL: https://: