wsadmin: import self-signed certificates from other servers

There are moments where you want to use a WebSphere server to control other servers, to remotely start/stop applications, gather statistics or do a remote configuration/deployment.

If you want to script that, you will probably have the issue that the first time you are using wsadmin to connect to another server, you will be asked to accept the certificate manually, and that will pause your execution.

You could, of course, connect a first time to each server if you have a few, but if you have many of them, that wouldn’t be fun. However, you can add the certificate to the wsadmin‘s trusts tore with a command line by doing the following:

echo "" | openssl s_client -connect $host:9043 -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > cert.txt
$JAVA_HOME/bin/keytool -import -alias $host -file cert.txt -keystore /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/trust.p12 -storetype PKCS12 -storepass WebAS

You can, of course, repeat this in one script for all your servers, afterward the wsadmin won’t hang for any input when using it the first time on a server.

Leave a Reply