WAS v8.5 > Secure applications > Secure communications > Create an SSL configurationCreate a custom trust manager configuration for SSL
We can create a custom trust manager configuration at any management scope and associate the new trust manager with a SSL configuration.
Develop, package, and locate a Java Archive JAR file for a custom key manager in...
was.install.root/lib/ext
Complete the following steps in the dmgr console:
- Decide whether to create the custom trust manager at the cell scope or below the cell scope at the node, server, or cluster, for example.
When creating a custom trust manager at a level below the cell scope, we can associate it only with a SSL configuration at the same scope or higher. An SSL configuration at a scope lower than the trust manager does not see the trust manager configuration.
- To create a custom trust manager at the cell scope, click...
Security | SSL certificate and key management | Trust managers
Every SSL configuration in the cell can select the trust manager at the cell scope.
- To create a custom trust manager at a scope below the cell level, click...
Security | SSL certificate and key management | Manage endpoint security configurations | {Inbound | Outbound} | ssl_configuration | Trust managers
- Click New to create a new custom trust manager.
- Type a unique trust manager name.
- Select the Custom implementation setting.
The custom setting enables you to define a Java class with an implementation of the interface...
javax.net.ssl.X509TrustManager
...and, optionally, the WAS interface...
com.ibm.wsspi.ssl.TrustManagerExtendedInfo
The standard implementation setting applies only when the trust manager is already defined in the Java security provider list as a provider and an algorithm, which is not the case for a custom trust manager.
- Type a class name, for example...
- Select one of the following actions:
- To add custom properties to the new custom trust manager...
Apply | Custom properties | Additional Properties
When you are finished adding custom properties, click OK and Save, then go to the next step.
- Click OK and Save, then go to the next step.
- In the page navigation at the top of the panel, click...
SSL certificate and key management
- Select one of the following actions:
- For a cell-scoped SSL configuration.
Related Items | SSL configurations
- To select an SSL configuration at a lower scope, click...
Manage endpoint security configurations
- Click the link for the existing SSL configuration to associate with the new custom trust manager.
We can create a new SSL configuration instead of associating the custom trust manager with an existing configuration.
- Click...
Trust and Key managers | Additional Properties
If the new custom trust manager is not listed in the Additional ordered trust managers list, verify selected an SSL configuration scope that is at the same level or below the scope selected in Step 8.
- Click Add.
This action adds the new trust manager to the list of custom trust managers.
- Click OK and Save.
Results
You have created a custom trust manager configuration that references a JAR file in the install directory of WAS and associates it with an SSL configuration during the connection handshake.
We can create a custom trust manager for a pure client.
For more information, see the TrustManagerCommands command group for AdminTask topic.
Subtopics
- Trust and key managers settings
- Trust managers page
- Trust managers settings
- Example: Develop a custom trust manager for custom SSL trust decisions
- Trust and key managers settings
- Trust managers page
- Trust managers settings
- Example: Developing a custom trust manager for custom SSL trust decisions
Related concepts:
SSL configurations
Trust manager control of X.509 certificate trust decisions
Example: Develop a custom trust manager for custom SSL trust decisions
TrustManagerCommands command group for AdminTask