IBM Support

ACert tool checks SSL certificates for expiration dates

Downloadable files


Abstract

A command-line tool checks expiration dates of all SSL certificates defined in WebSphere Application Server SSL repositories. WAS versions 5.1 and 6.0 only are supported. Later v

Download Description

ACert is a command-line tool that checks the WebSphere Application Server expiration dates of all SSL certificates defined in Application Server SSL repertoires. The expiration dates of each certificate are displayed.

Checking SSL certificates can help avoid application failures due to expired SSL certificates used for authentication within the Application Server and secure communications between the Application Server and the plug-in running within a Web server.

ACert does not check the WebSphere truststore for expired certificates, only SSL certificates that are defined in SSL repertoires.

ACert does not support WebSphere Applicate Server 6.1 and later. These versions have incorporated features into the administrative console that display details SSL repertoire information, including certificate expiration dates.

History:

  • 10 July 2005: Updated to reflect support for V6.0
  • 13 April 2005: Updated Windows image to resolve usage issues
  • 14 March 2005: Provided Windows, UNIX and iSeries unique images to simplify installation
  • 10 March 2005: Revised installation instructions
  • 31 March 2004: Created

Prerequisites

WebSphere Application Server V5.0, V5.1 or V6.0 installation.

Installation Instructions

To install ACert on Windows (WebSphere 5.x), unzip the file into the root directory of the WebSphere Application Server to be checked:


  • For WebSphere Application Server base, unzip ACert.zip into the install_root directory. For example, c:\WebSphere\AppServer
  • For Network Deployment, unzip into the Network Deployment nd_install_root directory.
  • If there is any possibility that different certificates have been installed in other nodes, or if you are not sure whether unique certificates will be installed on some nodes, unzip ACert into those nodes as well.

Instructions for "Using JAR to open WebSphere Fix Pack zip files" are below.

To launch the tool on Microsoft Windows (WebSphere 5.x):

  1. Open a command window.
  2. Change directory to install_root\bin . If you are running ACert in a Network Deployment environment, change to the nd_install_root\bin directory.
  3. Type launchacert.bat and press Enter.
  4. Note: In previous versions of ACert, a mistake in the bat file prevented it from launching correctly, particularly if WebSphere installed in a directory containing blanks in the directory name (such as Program Files). The phrase com.ibm.ws.bootstrap.WSLauncher ACert %"WAS_HOME"% or com.ibm.ws.bootstrap.WSLauncher ACert %WAS_HOME% should read,com.ibm.ws.bootstrap.WSLauncher ACert "%WAS_HOME%"
  5. On Windows, be sure to execute launchACert.bat. launchACert (no file extension) is a launch script for AS/400.


To install ACert on Windows (WebSphere 6.x), unzip the file into the profile directory of the profile to be checked:

  • For example, c:\WebSphere\AppServer\profiles\dmgr
  • If there is any possibility that different certificates have been installed in other profiles or other nodes, or if you are not sure whether unique certificates will be installed on some nodes, unzip ACert into those nodes or profiles as well.


Instructions for "Using JAR to open WebSphere Fix Pack zip files" are below.

To launch the tool on Microsoft Windows (WebSphere 6.x):

  1. Open a command window.
  2. Change directory to install_root\profiles\profile_namebin .
  3. Type launchacert.bat and press Enter.
  4. Note: In previous versions of ACert, a mistake in the bat file prevented it from launching correctly, particularly if WebSphere installed in a directory containing blanks in the directory name (such as Program Files). The phrase com.ibm.ws.bootstrap.WSLauncher ACert %"WAS_HOME"% or com.ibm.ws.bootstrap.WSLauncher ACert %WAS_HOME% should read,com.ibm.ws.bootstrap.WSLauncher ACert "%WAS_HOME%"
  5. On Windows, be sure to execute launchACert.bat. launchACert (no file extension) is a launch script for AS/400.


To install ACert on UNIX (WebSphere 5.x), unjar the file into the root directory of the WebSphere Application Server to be checked:

  • For WebSphere Application Server base, copy the jar file ACertUnixWAS5.jar into the install_root directory, such as /usr/WebSphere/AppServer, then
  • Unjar using the jar -xvf ACertUnixWAS5.jar command.
  • For Network Deployment, unjar into the Network Deployment nd_install_root directory.
  • If there is any possibility that different certificates have been installed in other nodes, or if you are not sure whether unique certificates will be installed on some nodes, unjar ACertUnixWAS5.jar into those nodes as well.


To install ACert on UNIX (WebSphere 6.x), unjar the file into the profile directory of the WebSphere Application Server to be checked:

  • For example, copy the jar file ACertUnixWAS6.jar into /usr/WebSphere/AppServer/profiles/dmgr, then
  • Unjar using the jar -xvf ACertUnixWAS6.jar command.
  • If there is any possibility that different certificates have been installed in other nodes or profiles, or if you are not sure whether unique certificates will be installed on some nodes, unjar ACertUnixWAS6.jar into those nodes or profiles as well.


To launch ACert on UNIX (WebSphere 5.x):

  1. Open a shell window.
  2. Change directory to install_root/bin. If you are running ACert in a Network Deployment environment, change to the nd_install_root/bin directory.
  3. Make the script executable using chmod +x launchACert.sh,
  4. Type ./launchACert.sh and press Enter.


To launch ACert on UNIX (WebSphere 6.x):

  1. Open a shell window.
  2. Change directory to install_root/profiles/profile_namebin. If you are running ACert in a Network Deployment environment, change to the nd_install_root/bin directory.
  3. Make the script executable using chmod +x launchACert.sh,
  4. Type ./launchACert.sh and press Enter.


To launch ACert on iSeries:

  1. Open a shell window.
  2. Unjar the contents of the ACertISeries.jar file to /QIBM/ProdData/WebAS5/Base. This will result in the ACert class file going under the classes subdirectory and the UNIX, windows and iSeries scripts being placed in the bin subdirectory.
  3. (Optional) Customer can delete /QIBM/ProdData/WebAS5/Base/bin/launchACert.sh and launchACert.bat files.
  4. Enter the QShell environment by typing STRQSH on an OS/400 command line and press Enter.
  5. Type cd /QIBM/ProdData/WebAS5/Base/bin and press Enter.
  6. Type launchACert -instance myinst and press Enter.

URL LANGUAGE SIZE(Bytes)
Using JAR to open WebSphere Fix Pack zip files US English 100000

Download package


Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is DD?
acertiseries.jar 10/30/2006 US English 14528 FTP DD
acertunixwas5.jar 10/30/2006 US English 14819 FTP DD
acertunixwas6.jar 10/30/2006 US English 15126 FTP DD
acertwindowswas5.zip 10/30/2006 US English 14633 FTP DD
acertwindowswas6.zip 10/30/2006 US English 14638 FTP DD

Technical support

1-800-IBM-SERV (US calls only)

Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK

Document information

More support for: WebSphere Application Server
Security

Software version: 5.1, 6.0

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows

Software edition: Base, Express, Network Deployment

Reference #: 4006797

Modified date: 11 July 2005


Translate this page: