Friday, October 28, 2016

How to import SSL certificates into webMethods Integration Server

In this article I described how you can generate a self-signed SSL certificate to enable HTTPS in webMethods Integration Server: How to create a self-signed SSL certificate for webMethods Integration Server with OpenSSL. Now it’s time to import a realcertificate.
If you have received the signed certificate from your Certificate Authority, you can follow these steps to import it into Integration Server. I’m using OpenSSL on a Linux machine and Java’s keytool on my Windows workstation for the command line work.

Prepare the certificate

  • The private key has to be in PEM format and needs to be BASE64 encoded. At least in my case OpenSSL wasn’t able to handle it otherwise.
  • First of all, you need to protect your private key with a password, if you haven’t already done so.
    openssl rsa -des3 -in integrationserver.key -out integrationserver.key
  • If the certificate is in format DER (in my case it was and the file had the ending cer), it has to be converted to PEM:
    openssl x509 -in integrationserver.cer -inform DER -out integrationserver.crt -outform PEM
  • Now the keystore for Integration Server can be created:
    openssl pkcs12 -export -des3 -in integrationserver.crt -inkey integrationserver.key -out integrationserver.p12
  • Now we need to create a Truststore containing the issuing certificates of our certificate. You need to download the required certificates for the whole certificate chain and add them to a Truststore:
    keytool -import -alias rootCA -keystore integrationserver.jks -file rootCA.crt
    You need to repeat this command for each certificate of the chain with a unique alias.

Import the certificate into Integration Server

  • Create a Truststore Alias under Security -> Keystore -> Create Truststore Alias.
    Create a Truststore Alias in webMethods Integration Server
  • Create a Keystore Alias under Security -> Keystore -> Create Keystore Alias.
    Create a Keystore Alias in webMethods Integration Server
  • Create an HTTPS Port Security -> Ports -> Add Port.
    Create an HTTPS Port in webMethods Integration Server
  • Enable access through the new port.
    Enable access through an HTTPS Port in webMethods Integration Server
  • Test your new HTTPS connection in a browser:
    https://YOUR-SERVERNAME:5443/

No comments:

Post a Comment