Configure SSL settings for outbound communications

We can configure SSL settings for outbound communications in Liberty.

SSL configurations in Liberty can be used for both inbound and outbound communications. Liberty has an SSL configuration called defaultSSLConfig that defines the default SSL settings for both inbound and outbound SSL connections. We often need different SSL settings for outbound communications than for inbound communications. On Liberty, we can configure different outbound settings by specifying an SSL configuration on the outboundSSLRef attribute of the sslDefault element.

  1. Enable the transportSecurity-1.0 feature in the server.xml file.

      <featureManager>
          <feature>transportSecurity-1.0</feature>
      </featureManager>

  2. Add the outbound SSL entry to the server.xml file.

    The SSL configuration is set on the outboundSSLRef attribute in the sslDefault element.

      <sslDefault outboundSSLRef="alternateSSLSets" />
      
      <!-- SSL configuration for inbound SSL connections -->
      <ssl id="defaultSSLConfig" 
            keyStoreRef="defaultKeyStore" 
            trustStoreRef="defaultTrustStore" />
      
      <keyStore id="defaultKeyStore" 
            location="key.jks" 
            type="JKS" 
            password="yourpassword" />
      
      <keyStore id="defaultTrustStore"
            location="trust.jks" 
            type="JKS" 
            password="yourpassword" />
      
      <!-- SSL configuration for outbound SSL connections-->
      <ssl id="alternateSSLSets" 
            keyStoreRef="alternateKeyStore" 
            trustStoreRef="alternateTrustStore" />     
        
      <keyStore id="alternateKeyStore" 
            location="${server.config.dir}/alternateServerKeyFile.jks"
            type="JKS" 
            password="yourpassword" />
      
      <keyStore id="alternateTrustStore" 
            location="${server.config.dir}/alternateServerTrustFile.jks" 
            type="JKS" 
            password="yourpassword" />

    In this configuration, the alternateSSLSets SSL configuration becomes the default outbound SSL configuration. Liberty features, and applications that run on Liberty and make outbound SSL connections, use the SSL configuration specified by the outboundSSLRef attribute. Most features provide an attribute that allows users to directly reference the required SSL configuration. If that attribute is specified, it takes precedence over the outbound default that is set by the outboundSSLRef attribute.
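As an added example (not part of the original page or of Liberty), the following Python check resolves the outboundSSLRef chain in a server.xml and reports which keystore and truststore outbound connections will actually use, flagging dangling references and malformed XML. It assumes a single server.xml with a `<server>` root and no included or drop-in configuration files; the function name `check_outbound_ssl` and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's fragments wrapped in a <server> root element.
SAMPLE = """<server>
  <featureManager><feature>transportSecurity-1.0</feature></featureManager>
  <sslDefault outboundSSLRef="alternateSSLSets" />
  <ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" />
  <keyStore id="defaultKeyStore" location="key.jks" type="JKS" password="yourpassword" />
  <keyStore id="defaultTrustStore" location="trust.jks" type="JKS" password="yourpassword" />
  <ssl id="alternateSSLSets" keyStoreRef="alternateKeyStore" trustStoreRef="alternateTrustStore" />
  <keyStore id="alternateKeyStore" location="${server.config.dir}/alternateServerKeyFile.jks" type="JKS" password="yourpassword" />
  <keyStore id="alternateTrustStore" location="${server.config.dir}/alternateServerTrustFile.jks" type="JKS" password="yourpassword" />
</server>"""


def check_outbound_ssl(xml_text):
    """Return (effective_outbound, problems) for a server.xml document (hypothetical helper)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # An unclosed <ssl> or <keyStore> element ends up here.
        return None, [f"server.xml is not well-formed: {exc}"]
    problems = []
    features = {f.text.strip() for f in root.iter("feature") if f.text}
    if "transportSecurity-1.0" not in features:
        problems.append("transportSecurity-1.0 feature is not enabled")
    ssl = {e.get("id"): e for e in root.iter("ssl")}
    stores = {e.get("id"): e for e in root.iter("keyStore")}
    default = root.find("sslDefault")
    ref = default.get("outboundSSLRef") if default is not None else None
    if ref is None:
        # No outbound override: defaultSSLConfig serves both directions.
        ref = "defaultSSLConfig"
    if ref not in ssl:
        problems.append(f"outbound SSL reference '{ref}' matches no <ssl> id")
        return None, problems
    effective = {"ssl": ref}
    for attr in ("keyStoreRef", "trustStoreRef"):
        store_id = ssl[ref].get(attr)
        if store_id is None:
            continue  # attribute absent on this <ssl>: nothing to resolve
        if store_id not in stores:
            problems.append(f"<ssl id='{ref}'> {attr} '{store_id}' matches no <keyStore> id")
        else:
            effective[attr] = stores[store_id].get("location")
    return effective, problems
```

Running it against a server.xml before deployment catches a mistyped outboundSSLRef or store id, which would otherwise leave outbound connections without the trust material you intended.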