Configuring IIOP transport channel protection
The configuration of IIOP transport channel protection can be done using the WebSphere Administrative Console.
In the Global Security administration page, go to the Authentication section.
Select Authentication protocol to display all the available options, as shown in Figure 7-19.
Transport channel protection can be set for inbound and outbound transport independently. After selecting the CSIV2 inbound or the outbound transport page link, you will see a page as displayed in Figure 7-21.
Set Transport to one of the following options:
TCP/IP: Server only supports TCP/IP and cannot accept SSL connections.
SSL supported: Server can support either TCP/IP or SSL connections.
SSL required: Any client communicating with this server must use SSL.
Figure 7-21 Setting CSIV2 Inbound transport properties
Configure SSL Settings by selecting one of the defined SSL repertories from the drop-down list. For more information about SSL configuration, refer to 3.6, SSL configurations.
By default, the ORB transport listener ports are dynamically allocated during runtime. You might consider fixing the listener ports used for CSIV2. Since each application server runs its own ORB, they all have their own set of listening ports. The listener ports are managed by changing the application server's endpoints. In this case, we need to specify CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS, CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS and ORB_LISTENER_PORT endpoints in order to fix the port numbers. Please check the WebSphere Application Server V6 Information Center for further details about how to configure the endpoints.
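After the endpoints have been edited, the result can be checked offline. The following is an added example, not code from the original text or from IBM: it reports, for each server, whether the three endpoints named above have a fixed port, and flags fixed ports claimed by more than one server on the node. The XML is a constructed, simplified sample modelled on a node's serverindex.xml; the layout, the reading of port 0 as "dynamically allocated", and the function name audit are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Endpoint names exactly as written in the text above.
REQUIRED = ("CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS",
            "CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS",
            "ORB_LISTENER_PORT")

# Constructed, simplified sample of a node's endpoint file (assumed layout).
SAMPLE = """<ServerIndex hostName="node1.example.com">
 <serverEntries serverName="server1">
  <specialEndpoints endPointName="CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS"><endPoint host="*" port="9402"/></specialEndpoints>
  <specialEndpoints endPointName="CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS"><endPoint host="*" port="9403"/></specialEndpoints>
  <specialEndpoints endPointName="ORB_LISTENER_PORT"><endPoint host="*" port="0"/></specialEndpoints>
 </serverEntries>
 <serverEntries serverName="server2">
  <specialEndpoints endPointName="CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS"><endPoint host="*" port="9402"/></specialEndpoints>
  <specialEndpoints endPointName="ORB_LISTENER_PORT"><endPoint host="*" port="9101"/></specialEndpoints>
 </serverEntries>
</ServerIndex>"""

def audit(xml_text, required=REQUIRED):
    """Return (status, clashes): status[server][endpoint] is a fixed port number,
    "dynamic" (port 0) or "missing"; clashes maps a fixed port to its servers."""
    status, owners = {}, defaultdict(set)
    for entry in ET.fromstring(xml_text).iter("serverEntries"):
        server = entry.get("serverName")
        found = {}
        for named in entry.findall("specialEndpoints"):
            ep = named.find("endPoint")
            if ep is not None:
                found[named.get("endPointName")] = int(ep.get("port", "0"))
        status[server] = {}
        for name in required:
            port = found.get(name)
            # Port 0 is assumed to mean "allocated at runtime", i.e. not fixed.
            state = "missing" if port is None else port or "dynamic"
            status[server][name] = state
            if isinstance(state, int):
                owners[port].add(server)
    clashes = {p: sorted(s) for p, s in owners.items() if len(s) > 1}
    return status, clashes

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any endpoint reported as dynamic or missing cannot be pinned in a firewall rule, and a clash means two ORBs on the same node have been given the same fixed port.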