Administration guide > Secure the deployment environment > Tutorial: Security in a mixed environment > Module 3: Configure transport security


Secure the deployment environment > Tutorial: Integrate WebSphere eXtreme Scale security in a mixed environment with an external authenticator > Module 3: Configure transport security >

< Previous | Next >


Lesson 3.2: Add SSL properties to the catalog server properties file

The catalog server is running outside of WebSphere Application Server, so configure the SSL properties in the server properties file.

The other reason to configure the SSL properties in the server properties file is because the catalog server has its own proprietary transport paths that cannot be managed by the WebSphere Application Server Common Secure Interoperability Protocol v2 (CSIV2) transport settings. Therefore, configure the SSL properties in the server properties file for the catalog server.


SSL properties in the catServer3.props file

alias=default
contextProvider=IBMJSSE2
protocol=SSL
keyStoreType=PKCS12
keyStore=/was_root/IBM/WebSphere/AppServer/profiles/
<deployment_manager_name>/config/cells/<cell_name>/nodes/
<node_name>/key.p12 
keyStorePassword=WebAS
trustStoreType=PKCS12
trustStore=/was_root/IBM/WebSphere/AppServer/profiles/
<deployment_manager_name>/config/cells/<cell_name>/nodes/
<node_name>/trust.p12
trustStorePassword=WebAS
clientAuthentication=false

The catServer3.props file is using the default WebSphere Application Server node level keystore and truststore. If you are deploying a more complex deployment environment, choose the correct keystore and truststore. In some cases, create a keystore and truststore and import the keys from keystores from the other servers. Notice that the WebAS string is the default password of the WebSphere Application Server keystore and truststore. See Default self-signed certificate configuration for more details.

These entries are already included in the samples_home/security_extauth/catServer3.props file as comments. You can uncomment the entries and make the appropriate updates for the installation to the was_root, <deployment_manager_name>, <cell_name>, and <node_name> variables.

After configuring the SSL properties, change the transportType property value from TCP/IP to SSL-Required.


SSL properties in the client3.props file

You must also configure the SSL properties in the client3.props file because this file is used when you stop the catalog server that is running outside of WebSphere Application Server.

These properties have no effect on the client servers that are running in WebSphere Application Server because they are using the WebSphere Application Server Common Security Interoperability Protocol v2 (CSIV2) transport settings. However, when you stop the catalog server provide a client properties file on the stopOgServer command. Set the following properties in the <SAMPLES_HOME>/security_extauth/client3.props file to match the values specified above in the catServer3.props file:

#contextProvider=IBMJSSE2 
#protocol=SSL 
#keyStoreType=PKCS12 
#keyStore=/was_root/IBM/WebSphere/AppServer/profiles/
<deployment_manager_name>/config/cells/<cell_name>/nodes/
<node_name>/key.p12  
#keyStorePassword=WebAS 
#trustStoreType=PKCS12 
#trustStore=/was_root/IBM/WebSphere/AppServer/profiles/
<deployment_manager_name>/config/cells/<cell_name>/nodes/
<node_name>/trust.p12 
#trustStorePassword=WebAS

As with the catServer3.props file, you can use the comments that are already provided in the samples_home/security_extauth/client3.props file with appropriate updates to was_root, <deployment_manager_name>, <cell_name>, and <node_name> variables to match the environment.


Lesson checkpoint

You configured the SSL properties for the catalog server.

< Previous | Next >