Web server plug-in default configuration



Search Tips   |   Advanced Search


By creating a new Web server definition, WAS associates the Web server plug-in with a Certificate Management Services (CMS) keystore for a specific node. The keystore contains all of the signers for the current cell with the self-signed or chained certificate, which belongs to the node. The plug-in can communicate securely to WAS, even when the plug-in is configured with SSL client authentication enabled.

When you set the Web server definition to webserver1 on node Node01, WAS creates the keystore configuration. The keystore is scoped to the webserver1 server, which makes it visible to this server only. Other processes cannot use this keystore definition.

The following sample code from security.xml shows the configuration entries for the Web server plug-in.

<keyStores xmi:id="KeyStore_1132357815719" 

The following sample code shows how the CMS keystore and stash file are generated in security.xml.



The default password for the keystore is WebAS. We can change the default keystore password by using either the admin console or the appropriate AdminTask command.

The following sample code shows the AdminTask command that we can use to create this CMS keystore.

$AdminTask createCMSKeyStore /config/cells/Cell01/nodes/Node01/servers/webserver1/plugin-key.kdb myhost.mpls.setgetweb.com

Note the following characteristics of the previous example:

When additional nodes are federated, the signers for these nodes are not automatically added to each Web server for the CMS keystore. For the Web server plug-in to be able to communicate with a newly federated node, manually exchange signers with the CMSKeyStore keystore. Use the admin console keystore certificate management function to exchange signers.


Related tasks

Set the Web server plug-in for SSL