Configure CSIv2 for SSL client authentication

 

Configure using the sas.client.props

To require SSL client authentication, edit...

$WAS_HOME/properties/sas.client.props

...and set...

com.ibm.CSI.performTLClientAuthenticationRequired=true

To specify the CSI protocol, set...

com.ibm.CSI.protocol=csiv2

To match the SSL protocol configured with your server, set com.ibm.ssl.protocol accordingly.

Specify the com.ibm.CORBA.ConfigURL property with the fully qualified path of your Java property file when you run your application. For example...

-Dcom.ibm.CORBA.ConfigURL=file:/c:/WebSphere/AppServer/properties/sas.client.props
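The following check is an added example, not part of the original page or of the product's tooling: it reads the text of a sas.client.props file and reports where it departs from the settings above, including a later duplicate key that silently overrides an earlier one. The keystore and truststore keys (com.ibm.ssl.keyStore, com.ibm.ssl.trustStore), the sample file content and the server protocol value "TLS" are assumptions.

```python
import re

# Values this page calls for; keys are the ones shown above.
REQUIRED = {
    "com.ibm.CSI.performTLClientAuthenticationRequired": "true",
    "com.ibm.CSI.protocol": "csiv2",
}
# Assumption: store locations live under these keys; adjust for your release.
STORE_KEYS = ("com.ibm.ssl.keyStore", "com.ibm.ssl.trustStore")

# Constructed sample, not a real client configuration.
SAMPLE = """\
com.ibm.CSI.protocol=both
com.ibm.CSI.performTLClientAuthenticationRequired=true
com.ibm.ssl.protocol=SSLv3
com.ibm.ssl.keyStore=/opt/example/client.jks
com.ibm.ssl.trustStore=
com.ibm.CSI.performTLClientAuthenticationRequired=false
"""

def parse_props(text):
    """Parse Java .properties text; as in java.util.Properties, the last duplicate wins."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending = line[:-1]  # trailing backslash continues on the next line
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(text, server_ssl_protocol):
    """Return a list of findings; an empty list means the file matches."""
    props, findings = parse_props(text), []
    for key, want in REQUIRED.items():
        got = props.get(key)
        if got is None or got.lower() != want:
            findings.append(f"{key}={got} (expected {want})")
    got = props.get("com.ibm.ssl.protocol")
    if got != server_ssl_protocol:
        findings.append(f"com.ibm.ssl.protocol={got} (server uses {server_ssl_protocol})")
    findings += [f"{k} is empty or missing" for k in STORE_KEYS if not props.get(k)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "TLS"):  # "TLS" stands in for the server's setting
        print("FINDING:", finding)
```

Run it against the same file that com.ibm.CORBA.ConfigURL points to, since that is the file the client actually loads.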

 

Configure using the console

To configure using the administrative console...

  1. Go to Security | Authentication Protocol | CSIv2 Inbound Authentication, select Supported or Required for Client Certificate Authentication, and click OK.

  2. If you selected Required, configure the CSIv2 outbound authentication as well to support the client certificate authentication. Otherwise, you can skip this step. Click CSIv2 Outbound Authentication and select either Supported or Required for Client Certificate Authentication.

  3. Click CSIv2 Outbound Transport. Select an SSL setting from the SSLSettings list for the keystore, truststore, cryptographic token, SSL protocol, and ciphers to use. Create an alias from the SSL Configuration Repertoires panel for an SSL setting. Update the SSL setting selected in CSIv2 Inbound Transport accordingly.

  4. Save your configuration.

  5. Restart the server for the changes to become effective.

Client authentication using digital certificates is performed during the SSL connection.

 

Usage Scenario

Specify the keystore and truststore files in your configuration.

 

See Also

Authentication protocol for EJB security
Creating a SSL repertoire configuration entry
Managing digital certificates
Cryptographic token settings