Configure CA certs for SSL API call

I am a newbie when it comes to SSL. So I could use some expertise here regarding my situation.

I have a Java based web app that makes SSL API calls. The API and web app, both are hosted in the same server (myserver), and web app makes API calls. Now for testing purpose, we created a self signed certificate with the local domain name and server name (myserver.mydomain.local) and added to the cacerts. SSL handlshake works as desired.

But now, our client is using a CA certificate which they imported to cacerts. And during the SSL handshake, the web app client complains that the certificate issued by the

CN=abc-dns.com,OU=Root Certificate, OU=WASFarmLLLCell01, OU=WASFarmLLLCellManager01, O=IBM, C=US is not trusted; where abc-dns.com is the server name where the API is hosted through Web Sphere.

Do they need to add a self signed certificate in the trust store with the server name abc-dns.com in it to resolve the SSL handshake? Any tips will be greatly appreciated.

Answer

The public key from abc-dns.com needs to be added to the truststore of the server that is throwing the handshake exception. There are multiple ways of doing that, here’s one:
https://www.ibm.com/support/knowledgecenter/SSEQTP_9.0.5/com.ibm.websphere.base.doc/ae/usec_sslretrievesignercert.html

Leave a Reply

Your email address will not be published. Required fields are marked *