![[V5.1 and later]](../../v51x.gif)
Configuring Secure Sockets Layer
Overview
Secure Sockets Layer (SSL) is used by multiple components within WebSphere Application Server to provide trust and privacy. These components are the built-in HTTP Transport, the Object Request Broker (ORB) (for client and server) and the secure Lightweight Directory Access Protocol (LDAP) client. Configuring SSL is different between client and server with WebSphere Application Server .- Configure the client (JSSE).Use the sas.client.props file
located in the ${install_root}/properties directory. The sas.client.props file
is a configuration file that contains lists of property-value pairs, using
the syntax <property> = <value>. The property names are case
sensitive, but the values are not; the values are converted to lowercase when
the file is read. By default, the sas.client.props file is located
in the properties directory under the install_root of your
WebSphere Application Server installation. Specify the following properties
for an SSL connection:
- com.ibm.ssl.protocol
- com.ibm.ssl.keyStoreType
- com.ibm.ssl.keyStore
- com.ibm.ssl.keyStorePassword
- com.ibm.ssl.trustStoreType
- com.ibm.ssl.trustStore
- com.ibm.ssl.trustStorePassword
- com.ibm.ssl.enabledCipherSuites
- com.ibm.ssl.contextProvider
- com.ibm.ssl.keyStoreServerAlias
- com.ibm.ssl.keyStoreClientAlias
- For the Secure Authentication
Services (SAS) authentication protocol only: com.ibm.CORBA.standardPerformQOPModels
- For the cryptographic token device:
- com.ibm.ssl.tokenType
- com.ibm.ssl.tokenLibraryFile
- com.ibm.ssl.tokenPassword
- com.ibm.ssl.tokenType
Note: Although
WebSphere Application Server supports the IBM Federal Information Processing
Standard-approved Java Secure Socket Extension (IBMJSSEFIPS), IBMJSSEFIPS
is not supported on the HP-UX platform. - com.ibm.ssl.protocol
- Configure the server.Use the administrative console
to configure an appserver that makes SSL connections. To start the
administrative console, specify the following Web address: http://server_hostname:9090/admin.
- Create an SSL configuration repertoires alias or entry. You
can select the alias later when a component is configured for SSL support.
An SSL configuration repertoires entry contains the following fields:
- Typical configuration settings:
- Alias
- Key file name
- Key file password
- Key file format
- Trust file name
- Trust file password
- Trust file format
- Client authentication
- Security level
- Cipher suites
- Alias
- For the cryptographic token device:
- Cryptographic token (Create the alias first so you can configure these
fields).
- Token type
- Library file
- Password
- Token type
- Cryptographic token (Create the alias first so you can configure these
fields).
- For additional Java properties:
- Custom properties (Create the alias first so you can configure these fields).
- com.ibm.ssl.contextProvider
- com.ibm.ssl.protocol
- com.ibm.ssl.contextProvider
- Custom properties (Create the alias first so you can configure these fields).
Note: WebSphere
Application Server contains IBM Developer Kit for Java Technology Edition
V1.4.x , which includes changes from IBM Developer Kit for Java Technology
Edition V1.3.
- Typical configuration settings:
Secure Sockets Layer
Digital certificates
Authentication protocol for EJB security
Secure Sockets Layer configuration repertoire settings
Troubleshooting secure sockets layer interoperability