WAS 7.0, i had setup a keystore(with CA signer) and SSL configuration and setup the Dynamic SSL configuration for an outbound Connection, all at cluster level. However, this is not picking up during an outbound call. instead its looking for AppServer/Java/jre/lib/security/cacerts. its not able to find the cert and so cert is not passed for an outbound connection.
I have enabled the javax.net.ssl logging for the jvm, but the SSL config for the outbound which is setup at cluster level are not showing in the logs.
Can we configure/force to use WAS keystore instead of java keystore. Where can we configure this to use java keystore instead of WAS keystore?
SystemOut O setting up default SSLSocketFactory
SystemOut O try to load via ThreadContext Class Loader
SystemOut O ClassLoader
com.ibm.ws.classloader.CompoundClassLoader@53975397[war:xxxx/xxxx-war-2.1.0.0-SNAPSHOT.war]
Local ClassPath: /xxxxx/app/profiles/base/installedApps/xxxx/xxx.ear/xxx-war-2.1.0.0-SNAPSHOT.war
Parent: com.ibm.ws.classloader.CompoundClassLoader@51da51da[app:xxxx]
Delegation Mode: PARENT_FIRST
SystemOut O URL is file:/xxxxx/app/WebSphere/AppServer/plugins/com.ibm.ws.security.crypto.jar
SystemOut O URL is of type File
SystemOut O Try to get Jar file
SystemOut O verifySingleJarFile
SystemOut O Get the manifest file
SystemOut O verify if jar is signed by trusted signer
SystemOut O verification complete
SystemOut O Classloaded
SystemOut O class com.ibm.websphere.ssl.protocol.SSLSocketFactory is loaded
SystemOut O instantiated an instance of class com.ibm.websphere.ssl.protocol.SSLSocketFactory
SystemOut O keyStore is: /xxxx/xxxx/app/WebSphere/AppServer/java/jre/lib/security/cacerts
SystemOut O keyStore type is: jks
SystemOut O keyStore provider is:
SystemOut O init keystore
SystemOut O SSLContextImpl: Using X509ExtendedKeyManager com.ibm.jsse2.hd
SystemOut O trustStore is: /xxxx/xxxx/app/WebSphere/AppServer/java/jre/lib/security/cacerts
SystemOut O trustStore type is: jks
SystemOut O trustStore provider is:
SystemOut O init truststore