An external community's certificate is signed by a specific
certificate authority (CA), probably a different authority from the CA
used to sign your Sametime® Gateway
certificate. For the Sametime Gateway to trust
a certificate presented by an external community, the CA that issued
that certificate must be configured as trusted in advance.
About this task
This topic explains which CA certificates need to be downloaded
and imported into the WebSphere® Application
Server trust store.
- Steps 1-4 explain how to obtain the required CA certificate.
- Steps 5-7 explain how to import the obtained CA certificates into
the WebSphere Application
Server.
Procedure
- To connect to AOL, download the following CA certificate.
Navigate to
http://www.geotrust.com/resources/root_certificates/index.asp and
download the Equifax Secure Certificate Authority:
Download - Equifax Secure Certificate Authority (Base-64 encoded X.509)
- To connect to AOL, you are also required to download the
following additional certificates:
- Navigate to https://pki-info.aol.com/AOL/ and
download both certificates titled "America Online Root CA 1 certificate"
and "America Online Root CA 2 certificate".
- Navigate to https://pki-info.aol.com/AOLMSPKI/index.html and
download the certificate titled "AOL Member CA certificate".
- To connect to an external Sametime-based IM community
over SSL, you need to obtain the CA certificate used by the external
community:
- Check with the external community administrator to determine
which trusted certificate authority they are using.
- Obtain the CA certificate.
- To connect to an external XMPP-based IM community over
SSL:
- Check with the external community administrator to determine
which trusted certificate authority they are using.
- Obtain the CA certificate.
- If the received certificate is stored in any type
of certificate file database (a file with a suffix of .db or .p12,
for example), you must extract the certificate to an independent
file before you can import it into WebSphere Application
Server.
- Complete the following tasks in the Integrated Solutions
Console:
- 7. Click Add.
- Type an alias to identify the Certificate Authority
in the Alias field. This is a freeform value used to identify the
certificate inside WebSphere;
a good choice is the value of the certificate's CN (common
name) field.
- Type the full path of the file containing the
Certificate Authority's public key. For example: c:\certificates\acme_external_community.arm.
- Select the data type.
Attention:
For IBM® i, you must select binary
as the data type.
- Click OK.
Note: For IBM i only,
certificates are automatically downloaded with the .CER file extension,
so you must manually rename them to the .DER file extension.
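
A pre-import check for the extracted CA certificate file, as an added example (not IBM code): it reports whether the file is Base-64 text or binary DER, which is the choice made in the "Select the data type" step, rejects a file that is still a .p12-style container or a truncated download, and prints a SHA-256 fingerprint to compare with the value given by the external community administrator or the CA. The function names and the sample byte strings are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _sequence_body(der: bytes) -> bytes:
    """Return the contents of the outer DER SEQUENCE, rejecting bad lengths."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not DER: extract the certificate from its .db/.p12 first")
    length, offset = der[1], 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        length, offset = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if offset + length != len(der):
        raise ValueError("truncated download or trailing data")
    return der[offset:]

def inspect_certificate(data: bytes) -> dict:
    """Classify a certificate file as base64 or binary and fingerprint it."""
    blocks = PEM_RE.findall(data)
    if len(blocks) > 1:
        raise ValueError("several certificates in one file: split them")
    if blocks:
        der, data_type = base64.b64decode(b"".join(blocks[0].split()), validate=True), "base64"
    else:
        der, data_type = data, "binary"
    # A certificate is SEQUENCE { SEQUENCE tbsCertificate ... }; a PKCS#12 file
    # is SEQUENCE { INTEGER version ... }, so it fails this check.
    if _sequence_body(der)[:1] != b"\x30":
        raise ValueError("DER but not a certificate (still a .p12 container?)")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return {"data_type": data_type, "sha256": fingerprint}

# Constructed sample inputs (structural stand-ins, not real CA certificates).
SAMPLE_DER = b"\x30\x05\x30\x03\x02\x01\x01"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")
SAMPLE_P12_LIKE = b"\x30\x03\x02\x01\x03"

if __name__ == "__main__":
    for name, blob in (("der", SAMPLE_DER), ("pem", SAMPLE_PEM)):
        print(name, inspect_certificate(blob))
```

The fingerprint is computed over the DER bytes, so the Base-64 and binary forms of the same certificate give the same value.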