| June 4, 2019

SSL Configuration for IBM Campaign – Part-II

Lead Support Engineer and a Client Advocate

Pre-requisite: You must have generated campaign.kdb, campaign.arm, and platform certificate.cer files as described in SSL_Configuration Part-I blog.

Configure SSL Certificates in WebSphere Application Server: Step A: Configuring key store, refer steps mentioned below. Refer to 5.1 screenshots.

1.   Open IBM Admin Console
2.   On the Left-hand side, expand Security.
3.   Click “SSL certificate and key management.”
4.   Click on “Key stores and certificates.”
5.   Add a new Key Store (Click on “New button”)
6.   Fill in the following information:

Name – Any name can be given, e.g. platforms
Path – Provide .jks file path that is created in step 1
Password – provide the password of Keystore (password)
Confirm password – confirm password of Keystore (password)
Type: select JKS (Unica J2EE application support JKS keystores only)
Click Ok. After the page refreshes, click save the link on the center top.

SSL key management

SSL key stores and certificates

Step B: Configuring the newly added key store to the inbound node, refer Image 5.2
1.   Click on “SSL certificate and key management” again.
2.   Click on “Manage endpoint security configurations.”
3.   In the Local Topology view, you will see 2 Topologies, Inbound, and outbound.
4.   In the Inbound topology, you will see a tree, and at the bottom of the tree, you will see a link which reads like [machinename][NodeName]([SSL Configuration Name], [keystorename]),[Keystore Alias Name].
5.   Click on the link mentioned above.
6.   Click on “SSL Configuration.”
7.   Create a new Secure Sockets Layer (SSL) configurations (Click on New button)
8.   Fill in the following information:
1.   Name: Provide an intuitive name.
2.   Select the Key store name you just added in the Trust Store Name.
3.   Select the Key store name you just added in the Keystore Name. Click on Get certificate aliases. This will populate all the aliases available in the selected key store to the two drop downs “Default server certificate alias” and “Default client certificate alias.”
4.   Select the desired alias in “Default server certificate alias.”
5.   Select the desired alias in “Default client certificate alias.”

SSL General Properties

9. Click OK and save changes.
Changes will be reflected as mentioned in Image 5.3

NodeDefaultTrustStore

10. Once the page refreshes, click save the link on the center top of the page.
11. Click on the link SSL certificate and key management > Manage endpoint security configurations > [NodeName].
12. You will see General Properties. Refer Image 5.4
13. Under the general properties, you will see your Node name.
14. Make sure the value of direction is inbound.
15. Select the newly added SSL Configuration (e.g. platformssl_cert) in the ‘SSL Configuration’ dropdown.

SSL inbound configuration

16. Click on button ‘Update certificate alias list.’ This will update the drop-down ‘Certificate alias in key store.’
17. from the ‘Certificate alias in key store’ drop-down, select the alias you desire to use.
18. Click Ok. When the page refreshes click save the link.

Step C: Import the Campaigncert.arm file into the application server where the Campaign web application is deployed (Refer Image 5.5)
Open WAS console and navigate to:

Security > SSL Certificate and key management > Key stores and certificates
Click on NodeDefaultTrustStore -> Signer certificates -> Add signer certificate
1. Add details as campaign_listener
2. The path for Campaigncert.arm file
3. Click on Apply
4. Click on save changes on top of the screen

SSL Campaigncert