WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring Secure Sockets Layer

Why and when to perform this task

Secure Sockets Layer (SSL) is used by multiple components within WebSphere Application Server to provide trust and privacy. The following is a listing of these components:

Configuring SSL is different between client and server with WebSphere Application Server

Steps for this task

  1. Configure the client (JSSE). Use the sas.client.props file located, by default, in the install_root/profiles/profile_name/properties directory. The sas.client.props file is a configuration file that contains lists of property-value pairs, using the syntax <property> = <value>. The property names are case sensitive, but the values are not; the values are converted to lowercase when the file is read. Specify the following properties for an SSL connection:
    • com.ibm.ssl.protocol
    • com.ibm.ssl.keyStoreType
    • com.ibm.ssl.keyStore
    • com.ibm.ssl.keyStorePassword
    • com.ibm.ssl.trustStoreType
    • com.ibm.ssl.trustStore
    • com.ibm.ssl.trustStorePassword
    • com.ibm.ssl.enabledCipherSuites
    • com.ibm.ssl.contextProvider
    • com.ibm.ssl.keyStoreServerAlias
    • com.ibm.ssl.keyStoreClientAlias
    • For the Secure Authentication Services (SAS) authentication protocol only: com.ibm.CORBA.standardPerformQOPModels
    • For the cryptographic token device:
      • com.ibm.ssl.tokenType
      • com.ibm.ssl.tokenLibraryFile
      • com.ibm.ssl.tokenPassword
      • com.ibm.ssl.tokenSlot (added as a custom property)
  2. Configure the server. Use the administrative console to configure an application server that makes SSL connections. To start the administrative console, specify the following Web address: http://server_hostname:9060/ibm/console.
  3. Create an Creating a Secure Sockets Layer repertoire configuration entry. You can select the alias later when a component is configured for SSL support. An SSL configuration repertoires entry contains the following fields:
    • Typical configuration settings:
      • Alias
      • Key file name
      • Key file password
      • Key file format
      • Trust file name
      • Trust file password
      • Trust file format
      • Client authentication
      • Security level
      • Cipher suites
    • For the cryptographic token device:
      • Cryptographic token (Create the alias first so you can configure these fields).
        • Token type
        • Library file
        • Password
    • For additional Java properties:
      • Custom properties (Create the alias first so you can configure these fields).
        • com.ibm.ssl.contextProvider
        • com.ibm.ssl.protocol
        • com.ibm.ssl.tokenSlot (for crypto slot)
        • com.ibm.ssl.keyStoreClientAlias (alias selection for client authentication to servers)
        • com.ibm.ssl.keyStoreServerAlias (alias selection for server authentication to clients)
    Note: WebSphere Application Server contains IBM Developer Kit for Java Technology Edition Version 1.4.2 , which includes changes from IBM Developer Kit for Java Technology Edition Version 1.3. See Changes to IBM Developer Kit for Java Technology Edition Version 1.4.x for more information.



Sub-topics
Configuring Secure Sockets Layer for Web client authentication
Configuring Secure Sockets Layer for the Lightweight Directory Access Protocol client
Changing the default Secure Sockets Layer repertoire key files
Configuring IBM HTTP Server for Secure Sockets Layer mutual authentication
Configuring the Web server plug-in for Secure Sockets Layer
Configuring Secure Sockets Layer for Java client authentication
Secure Sockets Layer configuration repertoire settings
Creating a Secure Sockets Layer repertoire configuration entry
Configuring Federal Information Processing Standard Java Secure Socket Extension files
Digital certificates
Managing digital certificates
Changes to IBM Developer Kit for Java Technology Edition Version 1.4.x

Related concepts
Secure Sockets Layer
Authentication protocol for EJB security

Task topic    

Terms of Use | Feedback

Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_ssl.html

© Copyright IBM Corporation 2002, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)