In this article I described how you can generate a self-signed SSL certificate to enable HTTPS in webMethods Integration Server: How to create a self-signed SSL certificate for webMethods Integration Server with OpenSSL. Now it’s time to import a real certificate.
If you have received the signed certificate from your Certificate Authority, you can follow these steps to import it into Integration Server. I’m using OpenSSL on a Linux machine and Java’s keytool on my Windows workstation for the command line work.
Prepare the certificate
- The private key has to be in PEM format and needs to be BASE64 encoded. At least in my case OpenSSL wasn’t able to handle it otherwise.
-
First of all, you need to protect your private key with a password, if you haven’t already done so.
openssl rsa -des3 -in integrationserver.key -out integrationserver.key -
If the certificate is in format DER (in my case it was and the file had the ending cer), it has to be converted to PEM:
openssl x509 -in integrationserver.cer -inform DER -out integrationserver.crt -outform PEM -
Now the keystore for Integration Server can be created:
openssl pkcs12 -export -des3 -in integrationserver.crt -inkey integrationserver.key -out integrationserver.p12 -
Now we need to create a Truststore containing the issuing certificates of our certificate. You need to download the required certificates for the whole certificate chain and add them to a Truststore:
keytool -import -alias rootCA -keystore integrationserver.jks -file rootCA.crtYou need to repeat this command for each certificate of the chain with a unique alias.
Import the certificate into Integration Server
- Create a Truststore Alias under Security -> Keystore -> Create Truststore Alias.
- Create a Keystore Alias under Security -> Keystore -> Create Keystore Alias.
- Create an HTTPS Port Security -> Ports -> Add Port.
- Enable access through the new port.
- Test your new HTTPS connection in a browser:
https://YOUR-SERVERNAME:5443/