Configuring Certificate and Keys Usage

You need to configure each SIMULIA Execution Engine in your Federation environment to use digital certificates and exchanged keys (.jks files). All the security credentials for each SIMULIA Execution Engine are stored in the system’s .jks key database file. This file contains the server’s full certificate (with private and public keys) and the partner’s public key.

  1. Open the WebSphere Administrative console on the local SIMULIA Execution Engine as described in Deploying (Installing) the Feature. This process is also described in detail in the SIMULIA Execution Engine Installation and Configuration Guide - WebSphere.
  2. On the left side of the console, expand the Security option.
  3. Click SSL certificate and key management.

    The SSL certificate and key management screen appears.

  4. In the Related Items area on the right side of the console, click Key stores and certificates.

    A list of key stores and certificates appears.

  5. Click New.
  6. Type the following information in the corresponding text boxes:

    • Name: FiperB2B

    • Path: \keys\server.jks (where server is the name of the local SIMULIA Execution Engine)

      Note: This keys directory was created in Creating Digital Certificates. The .jks file should be the only file of its type located in the directory.

    • Password: Enter the password that was used to protect this key file at the time the key file was created.

  7. From the Type list, select JKS.
  8. Click OK.

    The new item is added to the list of existing items.

  9. Near the top of the right side of the WebSphere console, click SSL certificate and key management.
  10. In the Related Items area on the right side of the console, click SSL configurations.

    A list of SSL configurations appears.

  11. Click New.
  12. In the Name text box, type FiperSSL.
  13. From the Trust store name list, select FiperB2B.
  14. From the Keystore name list, select FiperB2B.
  15. Click Get certificate aliases.

    The two lists below the button are automatically populated with information from the keystore file.

  16. Verify that the retrieved information is accurate.
  17. Click OK.

    The new SSL configuration appears in the list.

  18. On the left side of the console, expand the Environment option.
  19. Click Virtual hosts.

    The virtual hosts information appears.

  20. In the Name column on the right side of the console, click default_host.

    The default host information appears.

  21. On the right side of the console, click Host Aliases.

    A list of hosts and port numbers is shown. A default WebSphere installation will have ports similar to the following defined: 9080, 9443, and 80.

  22. Verify that port 443 exists. If this port has not been defined, perform the following actions to create it:
    1. Click New.
    2. In the Host Name text box, verify that * is displayed.
    3. Enter 443 in the Port text box.
    4. Click OK to add the new host alias.

      Port 443 now appears in the port list.

  23. On the left side of the console, expand the Servers option, and expand the Server Types option.
  24. Click WebSphere application servers.

    The Application servers screen appears.

  25. Click server1.
  26. On the right side of the console, expand the Web Container Settings option.

    Additional links appear.

  27. Click Web container transport chains.

    A list of Web container transport chains appears.

  28. Click New to create a new transport chain.
  29. In the corresponding text box, enter a transport chain name (for example, FiperInboundSecure).
  30. From the Transport chain template list (second item in the list), select WebContainer-Secure, and click Next.

    The port information appears.

  31. In the Port name text box, enter a new name (for example, FiperSSLPort).

    Note: Leave the Host text box set to the default value of *.

  32. In the Port text box, enter 443, and click Next.

    The confirm screen appears.

  33. Click Finish.

    You are returned to the list of transport chains.

  34. Locate the new transport chain you just created (for example, FiperInboundSecure), and click its name in the Name column.
  35. In the Transport Channels area, click the SSL_inbound_channel (SSL_4) link.
  36. From the Select SSL Configuration list, select the SSL configuration you created in Step 12 above (for example, FiperSSL).
  37. Click OK.

    You are returned to the new transport chain screen.

  38. Click OK.

    You are returned to the list of transport chains.

  39. Click Save at the top of the interface to save the updated WebSphere configuration.
  40. Log out of the WebSphere Administrative console.
  41. Repeat Steps 1 through 40 for each SIMULIA Execution Engine in your Federation environment.
  42. Proceed to Adding the Certification Signer to the Trust Store of the SIMULIA Execution Engine Server.