Secure communications
The application server provides several methods to secure communication between a server and a client. Use this topic to configure SSL, keystores, certificate authorities, key sets and groups, and certificates.
- Configure secure communications using SSL.
Use the SSLConfigCommands, SSLConfigGroupCommands, DynamicSSLConfigSelections and SSLTransport command groups (AdminTask), and complete the following tasks to create and administer SSL configurations:
- Create a keystore configuration.
Use the KeyStoreCommands (AdminTask), and complete the following tasks to create and administer keystore configurations.
- Create a certificate authority (CA) client configuration.
A CA client object contains all of the configuration information necessary to connect to a third-party CA server. Use the CAClientCommands (AdminTask), and complete the following tasks to create and administer CA client objects in the configuration:
- Administer certificate configurations.
Use the CertificateRequestCommands, PersonalCertificateCommands, and SignerCertificateCommands command groups (AdminTask), and complete the following tasks to administer personal certificates, CA certificates, and self-signed certificates:
- Create key sets and key groups.
Use the KeySetCommands, KeySetGroupCommands, and KeyReferenceCommands command groups (AdminTask) to create and administer key set and group configurations.
Subtopics
- Create an SSL configuration at the node scope
An SSL configuration references many other configuration objects. To help make valid selections for the new SSL configuration before creating it, view information about existing configuration objects. Information about existing objects is also useful when creating a node-scoped SSL configuration using the createSSLConfig command of the AdminTask object.
- Automating SSL configurations
An SSL configuration is needed for WebSphere to perform SSL connections with other servers. An SSL configuration can be configured through the Admin Console, but if an automated way to create an SSL configuration is desired, use AdminTask.
- Update default key store passwords
Use the Jython or Jacl scripting language to change the default key store passwords. A key store file is created with a default password when you install the application server. Change this password to protect the security configuration.
- Configure certificate authority client objects
Use this topic to create a certificate authority (CA) client object. The client object contains all of the configuration information necessary to connect to the third-party CA server. A CA client must exist in the configuration before we can issue a request to the CA to create personal certificates with the requestCACertificate command.
- Administer certificate authority clients
Use this topic to modify certificate authority (CA) client objects. The client object contains all of the configuration information necessary to connect to the third-party CA server.
- Set a certificate authority certificate as the default certificate
Use this topic to make a request to an external certificate authority (CA) to create a personal certificate. After the CA returns the certificate and the certificate is saved in the keystore, we can use it as the server default personal certificate.
- Create certificate authority (CA) personal certificates
Use this topic to create CA certificates from a certificate authority (CA).
- Revoking certificate authority personal certificates
We can revoke CA certificates from a certificate authority (CA). Revoke personal certificates that are no longer being used in our configuration.
- CAClientCommands (AdminTask)
Use the Jython scripting language to manage your certificate authority (CA) client configurations with wsadmin.sh. Use commands in the CAClientCommands group to create, modify, query, and remove connections to a third-party CA server.
- Create self-signed certificates
Use the Jython or Jacl scripting language to create self-signed certificates with wsadmin.sh.
- keyManagerCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure security. The commands and parameters in the keyManagerCommands group can be used to manage key manager settings. Use these commands to create, modify, list, or obtain information about key managers.
- KeyStoreCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure keystores with wsadmin.sh. A keystore is created by the application server during installation and can contain cryptographic keys or certificates. The commands and parameters in the KeyStoreCommands group can be used to create, delete, and manage keystores.
- SSLConfigCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the SSLConfigCommands group manage Secure Sockets Layer (SSL) configurations and properties.
- SSLConfigGroupCommands group (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the SSLConfigGroupCommands group manage SSL configuration groups.
- TrustManagerCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the TrustManagerCommands group can be used to create, delete, and query trust manager settings in the configuration. We can also use these commands to create a custom trust manager for a pure client.
- KeySetCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the KeySetCommands group can be used to create, delete, and query for key set settings in the configuration.
- KeyReferenceCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the KeyReferenceCommands group manage the key reference settings for key set objects in the configuration.
- KeySetGroupCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the KeySetGroupCommands group manage key set groups. Use these commands to manage groups of public, private, and shared keys.
- DynamicSSLConfigSelections (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the DynamicSSLConfigSelections group can be used to create, delete, and query dynamic SSL configuration selection objects.
- PersonalCertificateCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the PersonalCertificateCommands group manage personal or signer certificates.
- WSCertExpMonitorCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the WSCertExpMonitorCommands group can be used to start or update the certificate expiration monitor.
- SignerCertificateCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the SignerCertificateCommands group can be used to create and modify signer certificates in relation to the key store file and to query for signer information on ports of remote hosts.
- CertificateRequestCommands (AdminTask)
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the CertificateRequestCommands group manage certificate requests.