FreeKB - Difference between personal certificates and signer in WebSphere


In the left panel of the WebSphere admin console, at Security > SSL certificate and key management > Key stores and certificates > CellDefaultKeyStore or CellDefaultTrustStore, two of the links displayed are Personal certificates and Signer Certificates. What's the difference, you ask?

After a clean install of WebSphere, there will be one certificate in CellDefaultKeyStore > Personal Certificates. The name of the certificate is default. This is an IBM self-signed certificate. Since this is in a keystore, there is also a private key in the keystore linked to the certificate. Thus, we can say that Personal Certificates is a collection of public certificates and private keys.

 

When a client submits a request to get a resource from your WebSphere application server, the default certificate (and its private key) will be used to encrypt the packets being exchanged between the client and the server.

 

After a clean install of WebSphere, there will be no certificates in CellDefaultTrustStore > Signer Certificates. This is normal, and not suggestive of some problem. However, let's say you happen upon a situation where you want to establish trust between your WebSphere application server and some other server, such as an IBM IHS web server. This is where Signer Certificates come into the picture.

In this scenario, you could add the IHS web server's public certificate to CellDefaultTrustStore > Signer Certificates. Here is an example of this exact scenario. The certificates in the screenshot below are my IHS web server's certificates.

 

Now, when a request needs to be made to the IHS web server over a secured channel, such as HTTPS, trust will be established as the WebSphere application server will present the Signer Certificate to the IHS web server.

 

If this sounds like a bunch of mumbo jumbo to you, my article on understanding the difference between a keystore and truststore may be helpful.
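
To check which kind of entry a store holds without opening the console, the following added example (not part of the original article) classifies `keytool -list` output: a `PrivateKeyEntry` is what the console calls a personal certificate, and a `trustedCertEntry` is a signer certificate. The sample listing, the `ihs_signer` alias and the signers-only policy check are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the article). Maps keytool entry types to the
# console's terms:
#   PrivateKeyEntry  -> personal certificate (certificate + private key)
#   trustedCertEntry -> signer certificate   (public certificate only)

# Read `keytool -list` output on stdin, print "<kind><TAB><alias>" per entry.
classify_entries() {
    awk '
        /, (PrivateKeyEntry|trustedCertEntry),[ \t\r]*$/ {
            kind = ($0 ~ /, PrivateKeyEntry,[ \t\r]*$/) ? "personal" : "signer"
            alias = $0
            sub(/, .*$/, "", alias)   # alias is the text before the first ", "
            printf "%s\t%s\n", kind, alias
        }'
}

# Succeed only when the listing on stdin contains no private keys.
# Assumed policy: a store kept purely for trust should hold signers only.
holds_only_signers() {
    ! classify_entries | grep -q '^personal'
}

# Constructed sample of `keytool -list` output (aliases, dates and
# fingerprints are placeholders, not values from a real cell).
sample_listing() {
    cat <<'EOF'
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

default, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>
ihs_signer, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>
EOF
}

# Real use (path and password are placeholders):
#   keytool -list -storetype PKCS12 -keystore <store.p12> \
#       -storepass <password> | classify_entries
sample_listing | classify_entries
if sample_listing | holds_only_signers; then
    echo "store holds signer certificates only"
else
    echo "store also holds a private key (personal certificate)"
fi
```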


