IBM Support

ACert tool checks SSL certificates for expiration dates

Download


Abstract

A command-line tool checks expiration dates of all SSL certificates defined in WebSphere Application Server SSL repositories. WAS versions 5.1 and 6.0 only are supported. Later v

Download Description

ACert is a command-line tool that checks the WebSphere Application Server expiration dates of all SSL certificates defined in Application Server SSL repertoires. The expiration dates of each certificate are displayed.

Checking SSL certificates can help avoid application failures due to expired SSL certificates used for authentication within the Application Server and secure communications between the Application Server and the plug-in running within a Web server.

ACert does not check the WebSphere truststore for expired certificates, only SSL certificates that are defined in SSL repertoires.

ACert does not support WebSphere Applicate Server 6.1 and later. These versions have incorporated features into the administrative console that display details SSL repertoire information, including certificate expiration dates.

History:

  • 10 July 2005: Updated to reflect support for V6.0
  • 13 April 2005: Updated Windows image to resolve usage issues
  • 14 March 2005: Provided Windows, UNIX and iSeries unique images to simplify installation
  • 10 March 2005: Revised installation instructions
  • 31 March 2004: Created

Prerequisites

WebSphere Application Server V5.0, V5.1 or V6.0 installation.

Installation Instructions

To install ACert on Windows (WebSphere 5.x), unzip the file into the root directory of the WebSphere Application Server to be checked:


  • For WebSphere Application Server base, unzip ACert.zip into the install_root directory. For example, c:\WebSphere\AppServer
  • For Network Deployment, unzip into the Network Deployment nd_install_root directory.
  • If there is any possibility that different certificates have been installed in other nodes, or if you are not sure whether unique certificates will be installed on some nodes, unzip ACert into those nodes as well.

Instructions for "Using JAR to open WebSphere Fix Pack zip files" are below.

To launch the tool on Microsoft Windows (WebSphere 5.x):

  1. Open a command window.
  2. Change directory to install_root\bin . If you are running ACert in a Network Deployment environment, change to the nd_install_root\bin directory.
  3. Type launchacert.bat and press Enter.
  4. Note: In previous versions of ACert, a mistake in the bat file prevented it from launching correctly, particularly if WebSphere installed in a directory containing blanks in the directory name (such as Program Files). The phrase com.ibm.ws.bootstrap.WSLauncher ACert %"WAS_HOME"% or com.ibm.ws.bootstrap.WSLauncher ACert %WAS_HOME% should read,com.ibm.ws.bootstrap.WSLauncher ACert "%WAS_HOME%"
  5. On Windows, be sure to execute launchACert.bat. launchACert (no file extension) is a launch script for AS/400.


To install ACert on Windows (WebSphere 6.x), unzip the file into the profile directory of the profile to be checked:

  • For example, c:\WebSphere\AppServer\profiles\dmgr
  • If there is any possibility that different certificates have been installed in other profiles or other nodes, or if you are not sure whether unique certificates will be installed on some nodes, unzip ACert into those nodes or profiles as well.


Instructions for "Using JAR to open WebSphere Fix Pack zip files" are below.

To launch the tool on Microsoft Windows (WebSphere 6.x):

  1. Open a command window.
  2. Change directory to install_root\profiles\profile_namebin .
  3. Type launchacert.bat and press Enter.
  4. Note: In previous versions of ACert, a mistake in the bat file prevented it from launching correctly, particularly if WebSphere installed in a directory containing blanks in the directory name (such as Program Files). The phrase com.ibm.ws.bootstrap.WSLauncher ACert %"WAS_HOME"% or com.ibm.ws.bootstrap.WSLauncher ACert %WAS_HOME% should read,com.ibm.ws.bootstrap.WSLauncher ACert "%WAS_HOME%"
  5. On Windows, be sure to execute launchACert.bat. launchACert (no file extension) is a launch script for AS/400.


To install ACert on UNIX (WebSphere 5.x), unjar the file into the root directory of the WebSphere Application Server to be checked:

  • For WebSphere Application Server base, copy the jar file ACertUnixWAS5.jar into the install_root directory, such as /usr/WebSphere/AppServer, then
  • Unjar using the jar -xvf ACertUnixWAS5.jar command.
  • For Network Deployment, unjar into the Network Deployment nd_install_root directory.
  • If there is any possibility that different certificates have been installed in other nodes, or if you are not sure whether unique certificates will be installed on some nodes, unjar ACertUnixWAS5.jar into those nodes as well.


To install ACert on UNIX (WebSphere 6.x), unjar the file into the profile directory of the WebSphere Application Server to be checked:

  • For example, copy the jar file ACertUnixWAS6.jar into /usr/WebSphere/AppServer/profiles/dmgr, then
  • Unjar using the jar -xvf ACertUnixWAS6.jar command.
  • If there is any possibility that different certificates have been installed in other nodes or profiles, or if you are not sure whether unique certificates will be installed on some nodes, unjar ACertUnixWAS6.jar into those nodes or profiles as well.


To launch ACert on UNIX (WebSphere 5.x):

  1. Open a shell window.
  2. Change directory to install_root/bin. If you are running ACert in a Network Deployment environment, change to the nd_install_root/bin directory.
  3. Make the script executable using chmod +x launchACert.sh,
  4. Type ./launchACert.sh and press Enter.


To launch ACert on UNIX (WebSphere 6.x):

  1. Open a shell window.
  2. Change directory to install_root/profiles/profile_namebin. If you are running ACert in a Network Deployment environment, change to the nd_install_root/bin directory.
  3. Make the script executable using chmod +x launchACert.sh,
  4. Type ./launchACert.sh and press Enter.


To launch ACert on iSeries:

  1. Open a shell window.
  2. Unjar the contents of the ACertISeries.jar file to /QIBM/ProdData/WebAS5/Base. This will result in the ACert class file going under the classes subdirectory and the UNIX, windows and iSeries scripts being placed in the bin subdirectory.
  3. (Optional) Customer can delete /QIBM/ProdData/WebAS5/Base/bin/launchACert.sh and launchACert.bat files.
  4. Enter the QShell environment by typing STRQSH on an OS/400 command line and press Enter.
  5. Type cd /QIBM/ProdData/WebAS5/Base/bin and press Enter.
  6. Type launchACert -instance myinst and press Enter.

[{"INLabel":"Using JAR to open WebSphere Fix Pack zip files","INLang":"US English","INSize":"100000","INURL":"http://www.ibm.com/support/docview.wss?rs=180&context=SSEQTP&uid=swg21115941"}]
Off
[{"DNLabel":"acertiseries.jar","DNDate":"10/30/2006","DNLang":"US English","DNSize":"14528","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/tools/acert/acertiseries.jar","DNURL_FTP":null,"DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/tools/acert/acertiseries.jar"},{"DNLabel":"acertunixwas5.jar","DNDate":"10/30/2006","DNLang":"US English","DNSize":"14819","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/tools/acert/acertunixwas5.jar","DNURL_FTP":null,"DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/tools/acert/acertunixwas5.jar"},{"DNLabel":"acertunixwas6.jar","DNDate":"10/30/2006","DNLang":"US English","DNSize":"15126","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/tools/acert/acertunixwas6.jar","DNURL_FTP":null,"DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/tools/acert/acertunixwas6.jar"},{"DNLabel":"acertwindowswas5.zip","DNDate":"10/30/2006","DNLang":"US English","DNSize":"14633","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/tools/acert/acertwindowswas5.zip","DNURL_FTP":null,"DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/tools/acert/acertwindowswas5.zip"},{"DNLabel":"acertwindowswas6.zip","DNDate":"10/30/2006","DNLang":"US English","DNSize":"14638","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/tools/acert/acertwindowswas6.zip","DNURL_FTP":null,"DDURL":"http://public.dhe.ibm.com:7618;sw_websphere;appserv/support/tools/acert/acertwindowswas6.zip"}]

Technical Support

1-800-IBM-SERV (US calls only)

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF012","label":"IBM i"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"5.1;6.0","Edition":"Base;Express;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Java SDK","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24006797