
Dynamic configuration updates in SSL

To make dynamic changes, in the dmgr console, select...

Save changes and then synchronize the security.xml file with remote systems. On each remote system, edit security.xml and verify the following is set...

The SSL runtime reloads the modified SSL configuration and creates a new SSLEngine for the modified connections associated with inbound endpoints. New outbound connections use the new configuration while existing connections continue to use the old SSLEngine object and are not affected.

To enable the dynamicallyUpdateSSLConfig attribute in the security.xml file...

  1. Set dynamicallyUpdateSSLConfig=On.
  2. Save the updated configuration.
  3. Synchronize the security.xml file with remote systems.
  4. Set the dynamicallyUpdateSSLConfig attribute to Off.

Verify that all of the nodes receive the changes before turning off the dynamicallyUpdateSSLConfig attribute. Test the changes in a test environment before updating the production environment.
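One way to script the "verify that all of the nodes receive the changes" check before step 4, as an added example that is not IBM's code. It assumes you have already collected each node's copy of security.xml as text, that the attribute may sit on any element, and that either "On" or "true" marks it enabled; the XML samples are constructed stand-ins, not a real security.xml.

```python
import hashlib
import xml.etree.ElementTree as ET

ATTR = "dynamicallyUpdateSSLConfig"
ENABLED = {"on", "true"}  # assumption: accept either spelling of the enabled state


def dynamic_update_flag(xml_text):
    """Return the attribute's value from the first element carrying it, or None."""
    for elem in ET.fromstring(xml_text).iter():
        if ATTR in elem.attrib:
            return elem.attrib[ATTR]
    return None


def check_nodes(dmgr_xml, node_xml):
    """Return {node: [problems]}; an empty list means the node is in sync."""
    want = hashlib.sha256(dmgr_xml.encode("utf-8")).hexdigest()
    report = {}
    for node, text in node_xml.items():
        problems = []
        # A differing digest means the synchronized file has not arrived yet.
        if hashlib.sha256(text.encode("utf-8")).hexdigest() != want:
            problems.append("security.xml differs from deployment manager copy")
        try:
            flag = dynamic_update_flag(text)
        except ET.ParseError as exc:
            problems.append("unparseable security.xml: %s" % exc)
        else:
            if flag is None or flag.strip().lower() not in ENABLED:
                problems.append("%s is %r, not enabled" % (ATTR, flag))
        report[node] = problems
    return report


def safe_to_disable(report):
    """True only when every node is in sync, so step 4 can proceed."""
    return all(not problems for problems in report.values())


# Constructed sample documents (simplified stand-ins, not a real security.xml).
DMGR = '<Security dynamicallyUpdateSSLConfig="true"><sslConfig alias="NewSSL"/></Security>'
STALE = '<Security dynamicallyUpdateSSLConfig="false"><sslConfig alias="OldSSL"/></Security>'

if __name__ == "__main__":
    result = check_nodes(DMGR, {"node01": DMGR, "node02": STALE})
    for node, problems in sorted(result.items()):
        print(node, "OK" if not problems else "; ".join(problems))
    print("safe to turn the attribute off:", safe_to_disable(result))
```
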

Some SSL changes, especially administrative SSL changes, can cause server outages if you fail to test them first. When a change prevents trust between two endpoints, the endpoints cannot communicate with each other. Additionally, if administrative SSL connection updates cause system outages, you might need to disable the nodes after you make corrective changes using the deployment manager. From the command line, you can manually synchronize the server to retrieve the new SSL changes, then restart the nodes.

