Configure inbound transports
Overview
Inbound transports refer to the types of listener ports and their attributes that are opened to receive requests for this server. Both CSIv2 and SAS have the ability to configure the transport. However, there are differences between the protocols.
Complete the following steps to configure the Inbound Transport panels in the administrative console...
- Click...Security | Authentication Protocol | CSIv2 Inbound Transport
...to select the type of transport and the SSL settings. By selecting the type of transport, you choose which listener ports to open. If you choose TCP/IP as the transport, SSL client certificate authentication is disabled.
- Select the SSL settings that correspond to an SSL transport. These SSL settings are defined in the Security | SSL panel and define the SSL configuration including the keyring, security level, ciphers, and so on.
- Consider fixing the listener ports that you configured.
Most end points are managed at a single location, which is why they do not appear in the Inbound Transport panels. Managing end points at a single location helps you decrease the number of conflicts in your configuration when you assign the end points. The location for SSL end points is at each server. The following port names are defined in the End Points panel and are used for object request broker security...
- CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS: CSIv2 Client Authentication SSL Port
- CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS: CSIv2 SSL Port
- SAS_SSL_SERVERAUTH_LISTENER_ADDRESS: SAS SSL Port
- ORB_LISTENER_PORT: TCP/IP Port
For an appserver, click...Servers | Application Servers | server | End Points
The Object Request Broker (ORB) on WAS uses a listener port for Remote Method Invocation over RMI/IIOP. This port is generally not specified and is selected dynamically at run time. If you are working with a firewall, specify a static port for the ORB listener and open that port on the firewall so that communication can pass through the specified port. The endPoint property for setting the ORB listener port is: ORB_LISTENER_ADDRESS.
Complete the following steps using the administrative console to specify the ORB_LISTENER_ADDRESS port or ports.
- Click...Servers | Application Servers | server | End Points | New
- Select ORB_LISTENER_ADDRESS from the End Point Name field in the Configuration panel.
- Enter the IP address, the fully qualified DNS host name, or the DNS host name by itself in the Host field. For example, if the host name is myhost, the fully qualified DNS name can be myhost.myco.com and the IP address can be 18.104.22.168.
- Enter the port number in the Port field. The port number specifies the port for which the service is configured to accept client requests. The port value is used in conjunction with the host name. Using the previous example, the port number might be 9000.
- Click...Security | Authentication Protocol | SAS Inbound...to select the SSL settings used for inbound requests from SAS clients. Remember that the SAS protocol is used to interoperate with previous releases. When configuring the key store and trust store files in the SSL configuration, these files need the right information for interoperating with previous releases of WAS. For example, a previous release has a different trust store file than the V5 release. If you use the V5 key store file, add the signer to the trust store file of the previous release for those clients connecting to this server.
The inbound transport configuration is complete.
When you finish configuring security, perform the following steps to save, synchronize, and restart the servers...
- Click Save in the administrative console to save any modifications to the configuration.
- Stop and restart all servers once they are synchronized.
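To confirm that the listener ports discussed above are fixed before writing firewall rules, the following added example (not part of the original page or of WAS itself) audits an exported end point list. It assumes the end points are available as XML with `specialEndpoints`/`endPoint` elements; that layout, the `audit_endpoints` helper, and the sample data are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# End point names from the page; the XML layout is an assumption.
ORB_SECURITY_ENDPOINTS = (
    "ORB_LISTENER_ADDRESS",
    "CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS",
    "CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS",
    "SAS_SSL_SERVERAUTH_LISTENER_ADDRESS",
)

# Constructed sample: ORB listener fixed at 9000, both CSIv2 SSL end points
# assigned the same port, and the SAS SSL end point not defined at all.
SAMPLE = """\
<serverEntries serverName="server1">
  <specialEndpoints endPointName="ORB_LISTENER_ADDRESS">
    <endPoint host="myhost.myco.com" port="9000"/>
  </specialEndpoints>
  <specialEndpoints endPointName="CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS">
    <endPoint host="myhost.myco.com" port="9403"/>
  </specialEndpoints>
  <specialEndpoints endPointName="CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS">
    <endPoint host="myhost.myco.com" port="9403"/>
  </specialEndpoints>
</serverEntries>
"""

def audit_endpoints(xml_text):
    """Return (static, dynamic, conflicts) for the ORB security end points."""
    found = {}
    for sep in ET.fromstring(xml_text).iter("specialEndpoints"):
        ep = sep.find("endPoint")
        if ep is not None:
            found[sep.get("endPointName")] = (ep.get("host"), int(ep.get("port", "0")))
    static, dynamic, by_addr = {}, [], {}
    for name in ORB_SECURITY_ENDPOINTS:
        host, port = found.get(name, (None, 0))
        if port == 0:  # undefined or 0: port is not fixed, no firewall rule can match it
            dynamic.append(name)
        else:
            static[name] = port
            by_addr.setdefault((host, port), []).append(name)
    conflicts = {addr: names for addr, names in by_addr.items() if len(names) > 1}
    return static, dynamic, conflicts

if __name__ == "__main__":
    static, dynamic, conflicts = audit_endpoints(SAMPLE)
    print("open on firewall:", sorted(set(static.values())))
    print("not fixed (dynamic or undefined):", dynamic)
    print("port conflicts:", conflicts)
```

Any name reported as not fixed needs a static port assigned in the End Points panel before the firewall rule set can be considered complete.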
CSIv2 vs. SAS
- SAS requires SSL; CSIv2 does not require SSL.
- SAS does not support SSL client certificate authentication, while CSIv2 does.
- CSIv2 can require SSL connections, while SAS only supports SSL connections.
- SAS always has two listener ports open: TCP/IP and SSL.
- CSIv2 can have as few as one listener port and as many as three listener ports. You can open one port for just TCP/IP or when SSL is required. You can open two ports when SSL is supported, and open three ports when SSL and SSL client certificate authentication are supported.