Configure CSIv2 for SSL client authentication
Configure using the sas.client.props
To require SSL client authentication, edit...
$WAS_HOME/properties/sas.client.props...and set...
com.ibm.CSI.performTLClientAuthenticationRequired=true
To specify the CSI protocol...
com.ibm.CSI.protocol=csiv2
To match the SSL protocol configured with your server, set com.ibm.ssl.protocol accordingly.
Specify the com.ibm.CORBA.ConfigURL property with the fully qualified path of your Java property file when you run your application. For example...
-Dcom.ibm.CORBA.ConfigURL=file:/c:/WebSphere/AppServer/properties/sas.client.props
Configure using the console
To configure using the administrative console...
- Go to...
Expand Security | Authentication Protocol | CSIv2 Inbound Authentication | Supported or Required for Client Certificate Authentication | OK
- If you selected Required, configure the CSIv2 outbound authentication as well to support the client certificate authentication. Otherwise, you can skip this step. Click CSIv2 Outbound Authentication and select either Supported or Required for Client Certificate Authentication.
- Click CSIv2 Outbound Transport. Select an SSL setting from the SSLSettings list for the keystore, truststore, cryptographic token, SSL protocol, and ciphers to use. Create an alias from the SSL Configuration Repertoires panel for an SSL setting. Update the SSL setting selected in CSIv2 Inbound Transport accordingly.
- Save your configuration.
- Restart the server for the changes to become effective.
Client authentication using digital certificates is performed during the SSL connection.
Usage Scenario
Specify the keystore and truststore files in your configuration.
See Also
Authentication protocol for EJB security
Creating a SSL repertoire configuration entry
Managing digital certificates
Cryptographic token settings