In the article “How to create a self-signed SSL certificate for webMethods Integration Server with OpenSSL” I described how you can generate a self-signed SSL certificate to enable HTTPS in webMethods Integration Server. Now it’s time to import a real certificate.
If you have received the signed certificate from your Certificate Authority, you can follow these steps to import it into Integration Server. I’m using OpenSSL on a Linux machine and Java’s keytool on my Windows workstation for the command line work.
Prepare the certificate
- The private key has to be in PEM format and needs to be BASE64 encoded. At least in my case OpenSSL wasn’t able to handle it otherwise.
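First of all, you need to protect your private key with a password, if you haven’t already done so. The command below writes the encrypted key back to the same file, so keep a backup copy until you have confirmed that the result can be read.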
openssl rsa -des3 -in integrationserver.key -out integrationserver.key
If the certificate is in DER format (in my case it was, and the file had the extension .cer), it has to be converted to PEM:
openssl x509 -in integrationserver.cer -inform DER -out integrationserver.crt -outform PEM
Now the keystore for Integration Server can be created:
openssl pkcs12 -export -des3 -in integrationserver.crt -inkey integrationserver.key -out integrationserver.p12
Now we need to create a Truststore containing the issuing certificates of our certificate. You need to download the required certificates for the whole certificate chain and add them to a Truststore:
keytool -import -alias rootCA -keystore integrationserver.jks -file rootCA.crt
You need to repeat this command for each certificate of the chain with a unique alias.
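Before importing, it is worth confirming that the key, the certificate, the keystore and the chain certificates actually belong together. The script below is an added example, not part of the original article; the function names and the file names and passwords inside make_sample are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-import checks for the files produced above. Passwords are given as
# openssl pass phrase sources (pass:..., env:VAR, file:path).

# 0 = certificate and private key share a public key, 1 = mismatch,
# 2 = a file could not be read (wrong passphrase, wrong format).
key_matches_cert() {   # $1 = PEM certificate, $2 = PEM key, $3 = key passphrase source
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin "$3" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 = the PKCS#12 keystore opens with the given password and its end-entity
# certificate is the expected one, 1 = different certificate, 2 = unreadable.
p12_holds_cert() {     # $1 = .p12 file, $2 = keystore passphrase source, $3 = PEM certificate
    want=$(openssl x509 -in "$3" -noout -fingerprint -sha256 2>/dev/null) || return 2
    have=$({ openssl pkcs12 -in "$1" -passin "$2" -nokeys -clcerts |
             openssl x509 -noout -fingerprint -sha256; } 2>/dev/null) || return 2
    [ "$want" = "$have" ]
}

# 0 = the certificate verifies against the CA certificates that will go into
# the Truststore (every file passed here is treated as trusted).
chain_verifies() {     # $1 = PEM certificate, remaining arguments = PEM CA certificates
    leaf=$1; shift
    bundle=$(mktemp) || return 2
    cat "$@" > "$bundle"
    rc=0; openssl verify -CAfile "$bundle" "$leaf" >/dev/null 2>&1 || rc=$?
    rm -f "$bundle"
    return "$rc"
}

# Constructed throwaway material for trying the checks; not real credentials.
make_sample() {        # $1 = existing working directory
    openssl genrsa -aes256 -passout pass:sample-key-pw -out "$1/is.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/is.key" -passin pass:sample-key-pw -days 1 \
        -subj "/CN=is.example.test" -out "$1/is.crt" 2>/dev/null &&
    openssl pkcs12 -export -in "$1/is.crt" -inkey "$1/is.key" -passin pass:sample-key-pw \
        -passout pass:sample-p12-pw -out "$1/is.p12" 2>/dev/null
}

# With the article's file names, passwords taken from environment variables:
#   key_matches_cert integrationserver.crt integrationserver.key env:KEY_PW
#   p12_holds_cert integrationserver.p12 env:P12_PW integrationserver.crt
#   chain_verifies integrationserver.crt rootCA.crt
```

A return code of 2 from the first two functions usually means a wrong password or a file that is still in DER format rather than a mismatch.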
Import the certificate into Integration Server
- Create a Truststore Alias under Security -> Keystore -> Create Truststore Alias.
- Create a Keystore Alias under Security -> Keystore -> Create Keystore Alias.
- Create an HTTPS Port under Security -> Ports -> Add Port.
- Enable access through the new port.
- Test your new HTTPS connection in a browser: