Administration guide > Secure the deployment environment > Tutorial: Integrate WebSphere eXtreme Scale security with WAS > Module 3: Configure transport security


Secure the deployment environment > Tutorial: Integrate WebSphere eXtreme Scale security with WAS > Module 3: Configure transport security >

< Previous | Next >


Lesson 3.2: Add SSL properties to the catalog server properties file

The catalog server has its own proprietary transport paths that cannot be managed by the WebSphere Application Server Common Secure Interoperability Protocol v2 (CSIV2) transport settings. Therefore, configure the SSL properties in the server properties file for the catalog server.

To configure catalog server security, additional steps are necessary because the catalog server has its own proprietary transport paths. These transport paths cannot be managed by the Application Server CSIV2 transport settings.

  1. Edit the SSL properties in the catServer2.props file.

    To configure catalog server security, uncomment the following SSL properties in the catalog server properties file. For this tutorial, the catalog server properties are in the catServer2.props file. Update the keyStore and trustStore properties to refer to the proper location in the environment.

    #alias=default
    #contextProvider=IBMJSSE2
    #protocol=SSL
    #keyStoreType=PKCS12
    #keyStore=/<WAS_HOME>/IBM/WebSphere/AppServer/profiles/<DMGR_NAME>/config/
    cells/<CELL_NAME>/nodes/<NODE_NAME>/key.p12 
    #keyStorePassword=WebAS
    #trustStoreType=PKCS12
    #trustStore=/<WAS_HOME>/IBM/WebSphere/AppServer/profiles/<DMGR_NAME>/config/
    cells/<CELL_NAME>/nodes/<NODE_NAME>/trust.p12
    #trustStorePassword=WebAS
    #clientAuthentication=false
    

    The catServer2.props file is using the default WebSphere Application Server node level keystore and truststore. If you are deploying a more complex deployment environment, choose the correct keystore and truststore. In some cases, create a keystore and truststore and import the keys from keystores from the other servers. Notice that the WebAS string is the default password of the WebSphere Application Server keystore and truststore. See Default self-signed certificate configuration for more details.

  2. In the catServer2.props file, update the value of the transportType property. For previous steps of the tutorial, the value was set to TCP/IP. Change the value to SSL-Required.

  3. Restart the deployment manager to activate the changes to the catalog server security settings.


Lesson checkpoint

You configured the SSL properties for the catalog server.

< Previous | Next >