Trust managers settings
This page enables us to view and set definitions for trust manager implementation settings. A trust manager is a class that gets invoked during an SSL handshake to make trust decisions about the remote end point. A default trust manager is used to validate the signature and expiration of the certificate. Custom trust managers can be plugged in to perform an extended certificate and hostname check.
From the admin console, click...
Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Related items > Trust managers > New .
Name
Name of the trust manager.
Information Value Data type: Text Default: ibmX509TrustManager
Management scope
Scope where this SSL configuration is visible. For example, if we choose a specific node, then the configuration is only visible on that node and any servers that are part of that node.
This field is not editable and provides information only.
Standard
That the trust manager selection is available from a Java provider installed in the java.security file. This provider might be shipped by the Java Secure Sockets Extension (JSSE) or might be a custom provider that implements the javax.net.ssl.X509TrustManager interface.
Information Value Default: Enabled
Provider
Provider name that has an implementation of the javax.net.ssl.X509TrustManager interface. This provider is typically set to IBMJSSE2.
Enabled when Standard is selected.
Information Value Default IBMJCE
Algorithm
Algorithm name of the trust manager implemented by the selected provider.
Enabled when Standard is selected.
Information Value Default ibmX509 or IbmPKIX Range ibmX509, IbmPKIX
Custom
That the trust manager selection is based on a custom implementation class that implements the javax.net.ssl.X509TrustManager interface and optionally the com.ibm.wsspi.ssl.TrustManagerExctendedInfo interface to obtain additional connection information that is not otherwise available.
Information Value Default: Disabled
Class name
Class that implements the javax.net.ssl.X509TrustManager interface. Optionally, the class can implement the com.ibm.wsspi.ssl.TrustMangerExtendedInfo interface to get extended information about the connection. The class can use the information to verify the host name and so on.
Enabled when Custom is selected.
Information Value Data type: Text
Create a Secure Sockets Layer configuration Trust managers collection