I'm a bit confused about loading Certificates

I have a new partner certificate that I need to load. We have a clustered pair of TN Servers as well as a clustered pair of MWS. Do I need to load the certificate into each servers (2x TN, 2x MWS) keystore ?

Hi David,

for which purpose is the certificate intended?
Is it a server certificate or a client certificate?
Which version of wM are you running on?

You might want to check the IS Administrators Guide as well as the MWS Administrators Guide for further informations.


Hi Holger,

It’s a client leaf certificate. We’re running wM 9.6. I’ve converted the cert to .der using OpenSSL and am wondering if I need to install it into the TN servers and the MWS servers, or just the TN Servers, or just the MWS servers ?


Hi David,

when it is a server certificate for your own server you should create a PKCS#12 file for the certificate itself and a JKS file for the truststore containing the CAs (mainly those which are not already present in the JVMs central cacerts file).

When it is a server certificate for a partner´s server, then you will have to add their CA in your truststore file.

When it is meant for authenticating a partner on your server you should add the certificate under Certificates → Configure Client Certificates and map it to the TN User defined in the TN Partner Profile.
When your Partner logs in to MWS as well for monitoring you should import the user certificate there as well.

See IS Administrators Guide as well as MWS Administrators Guide for details.


Hi Holger,
The VAN representing the Trading Partner is receiving the following message when they try to send an Order to us in the UAT environment:

"Headers Received by XXX CONTENT_TYPE:text/xml

Response received

<?xml version="1.0"?>


I have added the Cert to MWS.

"Certificate Information:
Certificate Type:
SSL (default)
Serial Number:
Issuer Common Name:
DigiCert SHA2 Secure Server CA
Issuer DN:

o=DigiCert Inc
cn=DigiCert SHA2 Secure Server CA 

Subject Common Name:
Subject DN:

l=Redwood City
o=Oracle Corporation
ou=Oracle OMCS (Oracle Owned) ADC

Valid Not Before:
Aug 23, 2019
Valid Not After:
Oct 21, 2021
Alg Name:

Where else do I need to add the Certificate ??

Thanking you for your assistance with this issue.

Hi David,

We’re at 8.2 and I don’t know if there are differences in this area since you’re 9.6 and configured differently as well, but we don’t load any certs for TN partners via MWS.

We convert the certs to .DER and load them to the TN Truststore, clear the SSL cache and reload the Truststore (via IS Security). Then we load the certs to the partner’s profile via MWS Profile Security.

We aren’t associating users with partner profiles, but I think you may still need to load the partner’s certs to the TN profile anyway.