wsadmin: import self-signed certificates from other servers

There are moments where you want to use a WebSphere server to control other servers, to remotely start/stop applications, gather statistics or do a remote configuration/deployment.

If you want to script that, you will probably have the issue that the first time you are using wsadmin to connect to another server, you will be asked to accept the certificate manually, and that will pause your execution.
WSADMIN_certificate

You could, of course, connect a first time to each server if you have a few, but if you have many of them, that wouldn’t be fun. However, you can add the certificate to the wsadmin‘s trusts tore with a command line by doing the following:

host=master1
echo "" | openssl s_client -connect $host:9043 -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > cert.txt
$JAVA_HOME/bin/keytool -import -alias $host -file cert.txt -keystore /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/trust.p12 -storetype PKCS12 -storepass WebAS

You can, of course, repeat this in one script for all your servers, afterward the wsadmin won’t hang for any input when using it the first time on a server.

Leave a Reply