Best practices for establishing SSL communications
To create the files necessary for establishing SSL communications in the secure domain, the SvrSslCfg class requires information about the secure domain as well as information related to the application. The following information about the Tivoli Access Manager secure domain is required:
- Administrative user password
The password associated with the Tivoli Access Manager administrative user. Typically, the user name is sec_master.
- Policy server name
The name of the system running the Tivoli Access Manager policy server named ivmgrd.
- Authorization server name
The name of the system running the Tivoli Access Manager authorization server named ivacld. This system might be the same system as the policy server.
- Policy server SSL port number
The number of the port used for SSL communications with the policy server. The default is 7135.
- Authorization server SSL port number
The number of the port used for SSL communications with the authorization server. The default is 7136.
If either the pdPerm.properties file or the SSL keystore file becomes damaged, repeat the configuration steps. Creating backups of these files is recommended.
- Configuration file URL
The URL to the configuration file that is manipulated by the SvrSslCfg class.
- Keystore file URL
The URL to the keystore file that is manipulated by the SvrSslCfg class.
- Tivoli Access Manager application name
The name of the Tivoli Access Manager application that is created and associated with the SSL connection between this system and the Tivoli Access Manager servers.
The configuration and keystore files are sensitive files that need protection. The contents of the configuration file are not externalized and are subject to change without notice in future releases of Tivoli Access Manager. Do not use the information in the configuration file directly.
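The backup recommendation and the file-protection requirement above can be combined in one routine. The following is an added example, not part of the original documentation or of Tivoli Access Manager: it assumes a POSIX file system, and the keystore file name, the directory layout and the function names are hypothetical. It treats the files as opaque bytes and never parses the configuration file.

```python
import hashlib, json, os, shutil, stat, tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def loose_permissions(path):
    """True if group or other has any access to the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def backup(files, backup_dir):
    """Restrict each file to its owner, copy it to an owner-only
    directory and record the SHA-256 of the copy in a manifest."""
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(backup_dir, 0o700)          # enforce even if it already existed
    manifest = {}
    for f in map(Path, files):
        if loose_permissions(f):
            os.chmod(f, 0o600)
        dest = backup_dir / f.name
        shutil.copyfile(f, dest)
        os.chmod(dest, 0o600)
        manifest[str(f)] = {"backup": str(dest), "sha256": sha256(dest)}
    mpath = backup_dir / "manifest.json"
    mpath.write_text(json.dumps(manifest, indent=2))
    os.chmod(mpath, 0o600)
    return manifest

def changed_since_backup(backup_dir):
    """Return live files that are missing or differ from their backup."""
    manifest = json.loads((Path(backup_dir) / "manifest.json").read_text())
    return [live for live, entry in manifest.items()
            if not os.path.isfile(live) or sha256(live) != entry["sha256"]]

if __name__ == "__main__":
    # Constructed sample files standing in for the real ones.
    work = Path(tempfile.mkdtemp())
    cfg = work / "pdPerm.properties"
    ks = work / "example-keystore.ks"    # hypothetical keystore file name
    cfg.write_text("constructed=sample\n")
    ks.write_bytes(b"constructed keystore bytes")
    os.chmod(cfg, 0o644)                 # deliberately too permissive
    backup([cfg, ks], work / "backup")
    ks.write_bytes(b"trunc")             # simulate a damaged keystore
    print("changed or missing:", changed_since_backup(work / "backup"))
```

A mismatch is also expected after the files are legitimately rewritten, for example by repeating the configuration steps, so take a new backup afterwards.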
Use the previously mentioned information about the secure domain when configuring WAS to use Tivoli Access Manager for authentication.
See Also: Configuring WAS to use Tivoli Access Manager for authentication