Configure Common Secure Interoperability Version 2 for Secure Sockets Layer client authentication

Configure the Secure Sockets Layer (SSL) client authentication using the sas.client.props configuration file or the administrative console. To configure a Java client application, use the sas.client.props configuration file. By default, the sas.client.props file is located in the profile_root/properties directory of your WebSphere Application Server installation, where profile_root is the directory that contains your profile. In the default installation, profile_root is /QIBM/UserData/WebSphere/AppServer/V6/edition/profiles.

To configure a WebSphere Application Server, use the administrative console. To start the administrative console, specify URL: http://server host_name:9060/ibm/console.

To configure a Java client application, complete the following steps, which explain how to edit the sas.client.props file directly:

To require SSL client authentication, set property com.ibm.CSI.performTLClientAuthenticationRequired=true. Do not set this property unless you know your target server also supports SSL client authentication for the inbound CSI authentication protocol.
To support SSL client authentication, set the property com.ibm.CSI.performTLClientAuthenticationSupported=true.
To specify the CSI protocol, set the property com.ibm.CSI.protocol=csiv2.
To match the SSL protocol configured with your server, set the property, com.ibm.ssl.protocol, accordingly.
Specify the com.ibm.CORBA.ConfigURL property with the fully qualified path of your Java property file when you run your application. For example, Dcom.ibm.CORBA.ConfigURL=file:/QIBM/UserData/WebSphere/AppServer/V6/Base/profiles/profile_name/properties/sas.client.props

Related concepts
Authentication protocol for EJB security

Related reference
Cryptographic token settings