Secure communications with the Liberty profile
SSL provides transport layer security, including...
- authenticity
- data signing
- data encryption
...between clients and WAS servers. Public key cryptography guarantees that when an entity encrypts data using its public key, only entities with the corresponding private key can decrypt that data. The Liberty Server uses JSSE to handle handshake negotiation, and protection capabilities. JSSE uses on X.509 certificate-based asymmetric key pairs for secure connection protection and some data encryption. Key pairs effectively encrypt session-based secret keys that encrypt larger blocks of data. The SSL implementation manages the X.509 certificates.
To configure secure communications, we can edit server.xml, set either...
Minimal only requires the SSL feature and a keystore entry to be specified. See WASdev.net website for examples.
The default SSL configuration is used to create the process default SSLContext using method...
< SSLContext.setDefault()
The default SSL configuration can be the minimal SSL configuration, or the configuration identified by the sslRef attribute on the sslDefault element. Because the default SSLContext is set on the process, the javax.net.ssl.keyStore and javax.net.ssl.trustStore properties will not be recognized.
Subtopics
- Enable SSL communication
- Create SSL certificates for the Liberty profile using the Utilities menu
- Create SSL certificates from the command prompt
- Configure the web application and server for client certificate authentication
- Set up a Liberty profile to run in SP800-131a
- Configure an httpEndpoint to use an SSL configuration other than the default
Parent topic: Secure the Liberty profile and its applications
Terms and conditions for information centers