Specifying administrative settings to a secured WebSphere Application Server v6.x

If your WebSphere® Application Server runtime environment has global security enabled, you need to communicate the administrative settings from your development environment to the runtime server. On the workbench, you need to specify that security is enabled on the runtime environment, and provide the username and password to the secured server. If you are working with a secured WebSphere Application Server version 6.1.x , you need to establish a trust between the development workbench of this product and the server.
Prerequisites:

To specify the administrative security settings to a secure local or remote WebSphere Application Server v6.x:

  1. In the Servers view, double-click your WebSphere Application Server v6.x. The server editor opens.
  2. Click the Overview tab at the bottom of the editor.
  3. Expand the Security section.
  4. Select the Security is enabled on this server check box. If this check box is not enabled, all other security settings are ignored.
  5. In the User ID field and Password fields, specify the user name and password for the current active administrative settings defined in the server configuration.
    This graphic is a Windows icon. On Windows: The specified user must have the following permissions:
    • For WebSphere Application Server v6.1.x: Log on as service
    • For WebSphere Application Server v6.0.x: Log on as service and Act as part of the operating system.

    This graphic is a Linux icon. On Linux: The specified user must be logged on as root.

  6. If you are working with a WebSphere Application Server v6.1.x that is secured, the Automatically trust server certificate during SSL handshake check box is by default enabled. If you are not working with a secured WebSphere Application Server v6.1.x, continue to the next step as this check box is not available.

    Starting in WebSphere Application Server version 6.1 release, each profile in the WebSphere Application Server environment contains a unique self-signed certificate that was created when the profile was created. This certificate replaces the default dummy certificate that ships with WebSphere Application Server in releases prior to version 6.1. When a profile is federated to a deployment manager, the signer for that self-signed certificate is added to the common truststore for the cell. By default, clients (such as the development workbench) does not trust servers from different profiles in the WebSphere Application Server environment. That is, they do not contain the signer for these servers.

    To assist in establishing this trust between the development workbench and the server, verify the Automatically trust server certificate during SSL handshake check box is selected. This check box specifies that when the workbench communicates to an administrative secured WebSphere Application Server v6.1.x, the server sends a signer certificate to the workbench. If the certificate is new, the workbench stores the certificate in its truststore file. The location of the truststore file depends on the connection type between the server and the workbench:
    • For a remote method invocation (RMI) connection, the truststore file is located at x:\runtimes\base_v61_stub\etc\trust.p12
    • For a SOAP connection, the truststore file is located at x:\runtimes\base_v61_stub\etc\DummyClientTrustFile.jks
    Where x is the installation directory for the workbench for this product.

    If the Automatically trust server certificate during SSL handshake check box is clear, the server status of the Servers view displays the server as stopped and no connection can be made to the server. Make sure you have selected this check box, otherwise, you need to manually establish the trust between the workbench and the administrative secured WebSphere Application Server v6.1.x, see Manually exchanging signer certificates to establish a trust between the workbench and the server topic for details.

  7. Select File > Save to save the changes in the server editor.
Note: When enabling administrative security for a server, do not give it a user ID that has the same name as the machine where WebSphere Application Server is installed. Otherwise, the server may fail to start.
Related information
Manually exchanging signer certificates to establish a trust between the workbench and the server
WebSphere Application Server maintenance releases
1 Not available in WebSphere Application Server Toolkit V6.1.x, but available in products such as Rational® Application Developer V7.0.x or Rational Software Architect V7.0.x

Feedback