IBM Tivoli Composite Application Manager for Application Diagnostics, Version 7.1.0.1

Secure Socket Layer communications

On distributed platforms, ITCAM for Application Diagnostics uses the SSL security protocol for integrity and confidentiality. You have the option of configuring all monitoring components to utilize SSL for communications. The following steps describe a sample HTTP-based SSL transaction using server-side certificates:

  1. The client requests a secure session with the server.

  2. The server provides a certificate, its public key, and a list of its ciphers to the client.

  3. The client uses the certificate to authenticate the server (verify that the server is who it claims to be).

  4. The client picks the strongest common cipher and uses the server's public key to encrypt a newly-generated session key.

  5. The server decrypts the session key with its private key.

  6. From this point forward, the client and server use the session key to encrypt all messages.

The monitoring software uses the Java Secure Sockets Extensions (JSSE) API to create SSL sockets in Java applications.

If you performed an embedded installation of the WAS with the Managing Server, use the WAS default key. For more information on WAS default keys, refer to the WAS documentation.

This section describes how to customize the default settings for SSL authentication in ITCAM for Application Diagnostics.


Parent topic:

Set up security