I have created a custom keystore with an ssl certificate which is CA signed. The certificate chaining is being shown in the keystore alongwith the root certificate. The keystore was added to WAS by creating a custom keystore (not changing anything in the default keystore - NodeDefaultKeyStore). The Personal Certificate link also shows the chained certificates. SSL configuration was also added wherein the alias was also automatically populated. Then the node and server were restarted.

However, when the services got started, the certificate being shown in the browser is still the default one.

Tried to hit the service through a standalone java client after importing the keystore's certificates into a custom truststore, the following error was encountered:

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=*******, OU=Root Certificate, OU=Cell_lsrv4144, OU=Nd_lsrv4144, O=IBM, C=US is not trusted; internal cause is: CertificateChainingException

It seems that this is also looking for the default certificate instead of the custom created one.

Please help in configuring the SSL.

0 Answers