Prepare for security at installation time
Tasks
- Secure the environment before installation.
- Prepare the operating system for installation of WAS.
This step describes how to prepare the different operating systems for installation of WAS.
- Install WAS.
- Migrate security configurations from previous releases during installation, when we are prompted to do so.
This step describes how to migrate security configurations from a previous release of WAS to WAS v9.0.
- Optional: (Dist) Create a profile during install time.
If we elect to do so, administrative security is enabled for that profile by default.
A panel is displayed during profile creation time and enabling administrative security is selected by default. If we elect to keep this as the default, supply an administrative user ID and password. This user ID is created in a federated repository, which is the default user registry when enabling administrative security at profile creation time.
- If we go into the advanced profile creation, a panel is available for changing the default settings for our certificate, a root certificate (used to sign your personal certificate) and a personal certificate (used to sign/encrypt data over the network).
Ensure that the root certificate has a long lifetime and the personal certificate a shorter one. Import our own personal certificate and or root certificate. If our personal certificate is signed by the certificate authority (CA), it is not important to change your root certificate. We should also change the default keystore password to something more secure.
- Optional: (ZOS) During customization of a stand-alone application server or WAS ND cell, we can enable administrative security using either a z/OS security product or WAS to manage users, groups, and the security policy.
- Secure the environment after installation.
This step provides information on how to protect password information after we install WAS.
- For information about enabling security after customization is complete, see Enable security.
Subtopics
- Secure the environment before installation
- Secure the environment after installation
- WAS security for z/OS
- (ZOS) Define Secure Sockets Layer security for servers
- (ZOS) Create SSL digital certificates and SAF keyrings that applications can use to initiate HTTPS requests
- (ZOS) Create a new System SSL repertoire alias
- (ZOS) Create a new Java Secure Socket Extension repertoire alias
- (ZOS) Set up SSL connections for Java clients
(ZOS) z/OS Profile Management Tool security settings