+

Search Tips   |   Advanced Search

Configure outbound transports

By using this configuration, we can configure a different transport for inbound security versus outbound security.

Outbound transports refers to the transport used to connect to a downstream server. When we configure the outbound transport, consider the transports that the downstream servers support. If we are considering SSL, also consider including the signers of the downstream servers in this server truststore file for the handshake to succeed.

When we select an SSL configuration, that configuration points to keystore and truststore files that contain the necessary signers.

(ZOS) When we select an SSL configuration, that configuration points to keystore and truststore keyrings and keystore and truststore files that contain the necessary signers.

If we configured client certificate authentication for this server by completing the following steps, then the downstream servers contain the signer certificate belonging to the server personal certificate:

  1. Click Security > Global security.

  2. Under RMI/IIOP security, click CSIv2 outbound communications.

Configure the outbound transport panels.


Tasks

  1. Select the type of transport and the SSL settings by clicking Security > Global security. Under RMI/IIOP security, click CSIv2 outbound communications. By selecting the type of transport, we choose the transport to use when connecting to downstream servers. The downstream servers support the transport chosen. If we choose SSL-Supported, the transport used is negotiated during the connection. If both the client and server support SSL, always select the SSL-Supported option unless the request is considered a special request that does not require SSL, such as if an object request broker (ORB) is a request.

  2. Select the SSL required option to use Secure Sockets Layer communications with the outbound transport.

    If we select the SSL required option or the SSL supported option, we can select either the Centrally managed or Use specific SSL alias option.

    Centrally managed

    Enable us to specify an SSL configuration for particular scope such as the cell, node, server, or cluster in one location. To use the Centrally managed option, we must specify the SSL configuration for the particular set of endpoints. The Manage endpoint security configurations and trust zones panel displays all of the inbound and outbound endpoints that use the SSL protocol. If we expand the Inbound or Outbound section of the panel and click the name of a node, we can specify an SSL configuration used for every endpoint on that node. For an outbound transport, we can override the inherited SSL configuration by specifying an SSL configuration for a particular endpoint. To specify an SSL configuration for an outbound transport, click Security > SSL certificate and key management > Manage endpoint security configurations and trust zones and expand Outbound.

    Use specific SSL alias

    Select the Use specific SSL alias option if we intend to select one of the SSL configurations in the menu under the option. The default is DefaultSSLSettings. To modify or create a new SSL configuration, complete the steps described in Create a Secure Sockets Layer configuration.

  3. Click Apply.

The outbound transport configuration is complete. With this configuration, we can configure a different transport for inbound security versus outbound security. For example, if the application server is the first server used by users, the security configuration might be more secure. When requests go to back-end enterprise beans servers, we might consider less security for performance reasons when you go outbound. With this flexibility we can design a transport infrastructure that meets our needs.


What to do next

When we finish configuring security, perform the following steps to save, synchronize, and restart the servers.


Subtopics

  • Configure CSIv2 inbound and outbound communication settings
  • Configure inbound messages
  • Configure outbound messages