How to import SSL Certificate to IBM Websphere Server through admin console

  1.  Log into the administrative console.
  2.  Expand Security and click SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations.
  3.  Select the appropriate outbound configuration to get to the (cell):MyComputerNameNode07Cell:(node):MyComputerNameNode07 management scope. (The nodes above are samples only, and are different for different machines)
  4.  Under Related Items, click Key stores and certificates and click the NodeDefaultTrustStore key store.
  5.  Under Additional Properties, click Signer certificates and Retrieve From Port.
  6.  Enter hostname in the host field (e.g. www.icodejava.com), enter 443 in the Port field, and hostname_cert (e.g. www.icodejava.com_cert) in the Alias field. You can of course use your own alias name. Remember the hostname is the host from which you are importing the certificate.
  7.  Click Retrieve Signer Information.
  8.  Verify that the certificate information is for a certificate that you can trust.
  9.  Click Apply and Save.

Congratulations, you have successfully import SSL Certificate from a host to IBM Websphere Server through the admin console in an easy set of steps.

How to force HTTPS use in a Java Web Application

If you want to force the users to always use https:// even if they typed in http:// url, Applying Security Constraint in Web.xml can help.

      <security-constraint>
          <display-name>HTTPS-redirect</display-name>
          <web-resource-collection>
              <web-resource-name>secured-environments</web-resource-name>
              <description>Do HTTPS redirect so that the connection is secured</description>
              <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <user-data-constraint>
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
      </security-constraint>

The above constraint re-directs the user to https URL.

How to easily add SSL Certificates to IBM Websphere Server

In order to add SSL Certificate to IBM Websphere Server, the signer might need to be added to the local trust store. You can use the Retrieve from port option in the administrative console to retrieve the certificate and resolve the problem. If you determine that the request is trusted, complete the following steps:

  1. Log into the administrative console.
  2. Expand Security and click SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations.
  3. Select the appropriate outbound configuration to get to the (cell):MyCompNode07Cell:(node):MyCompNode07 management scope. (The cell names and node names are just examples)
  4. Under Related Items, click Key stores and certificates and click the NodeDefaultTrustStore key store.
  5. Under Additional Properties, click Signer certificates and Retrieve From Port.
  6. In the Host field, enter your domain such as icodejava.com in the host name field, enter 443 in the Port field, and icodejava.com_cert in the Alias field.
  7. Click Retrieve Signer Information.
  8. Verify that the certificate information is for a certificate that you can trust.
  9. Click Apply and Save.