Configure Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is used by multiple components within WebSphere Application Server to provide trust and privacy.

About this task The following contains these components:

• Built-in HTTP transport

• Object Request Broker (ORB) for client and server

• Secure Lightweight Directory Access Protocol (LDAP) client.

Configuring SSL is different between the client and server with WebSphere Application Server.

Procedure

1. Configure the client (JSSE). Use the sas.client.props file that is located, by default, in the profile_root/properties directory. The sas.client.props file is a configuration file that contains lists of property-value pairs, using the property = value syntax. The property names are case sensitive, but the values are not; the values are converted to lowercase when the file is read. Specify the following properties for an SSL connection:

   • com.ibm.ssl.protocol

   • com.ibm.ssl.keyStoreType

   • com.ibm.ssl.keyStore

   • com.ibm.ssl.keyStorePassword

   • com.ibm.ssl.trustStoreType

   • com.ibm.ssl.trustStore

   • com.ibm.ssl.trustStorePassword

   • com.ibm.ssl.enabledCipherSuites

   • com.ibm.ssl.contextProvider

   • com.ibm.ssl.keyStoreServerAlias

   • com.ibm.ssl.keyStoreClientAlias

   • For the Secure Authentication Services (SAS) authentication protocol only: com.ibm.CORBA.standardPerformQOPModels

   • For the cryptographic token device:

     • com.ibm.ssl.tokenType

     • com.ibm.ssl.tokenLibraryFile

     • com.ibm.ssl.tokenPassword

     • com.ibm.ssl.tokenSlot (added as a custom property)

2. Configure the server. Use the administrative console to configure an application server that makes SSL connections. To start the administrative console, specify the following Web address: http://server_hostname:port_number/ibm/console.

3. Refer to Defining Secure Sockets Layer connections . You can select the alias later when a component is configured for SSL support. An SSL configuration repertoire entry contains the following fields:

   • Typical configuration settings:

     • Alias

     • Key file name

     • Key file password

     • Key file format

     • Trust file name

     • Trust file password

     • Trust file format

     • Client authentication

     • Security level

     • Cipher suites

   • For the cryptographic token device:

     • Cryptographic token (Create the alias first so you can configure these fields).

       • Token type

       • Library file

       • Password

   • For additional Java properties:

     • Custom properties (Create the alias first so you can configure these fields).

       • com.ibm.ssl.contextProvider

       • com.ibm.ssl.protocol

       • For crypto slot:

         com.ibm.ssl.tokenSlot

       • Alias selection for client authentication to servers:

         com.ibm.ssl.keyStoreClientAlias

       • Alias selection for server authentication to clients:

         com.ibm.ssl.keyStoreServerAlias

   Note: WebSphere Application Server contains IBM Developer Kit for Java Technology Edition Version 1.4.2 , which includes changes from IBM Developer Kit for Java Technology Edition Version 1.3.

   For more information, see Changes to IBM Developer Kit for Java Technology Edition Version 1.4.x .

4. Enable SSL for a component. Navigate to a component, and configure it according to the SSL configuration repertoire process in the previous step.

Sub-topics

Related concepts

Related tasks

Related reference

Secure Sockets Layer configuration repertoire settings