Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows
Secure Socket Layer
This section provides information about adding a secure socket layer to your LDAP server.
Configuring WebSphere Portal Express for SSL adds security to the client-portal exchange. It encrypts all traffic between the client browser and the server, so that no one can "eavesdrop" on the information that is exchanged over the network between the client browser and WebSphere Portal Express. In addition, assuming that the WebSphere Application Server is also configured to accept (or even require) SSL connections, the LTPA Token and other security and session information can be completely protected against hijack and replay attacks.
Configuring WebSphere Portal Express for SSL is a multistep process that involves configuring the following components:
- Web (HTTP) server running in front of WebSphere Application Server
- WebSphere Application Server
- WebSphere Portal Express
In general, the Web server must be configured to accept inbound SSL traffic. Then, the WebSphere Application Server plugin for the Web server must be configured to forward traffic on that port to WebSphere Application Server and WebSphere Portal Express. This involves configuring the virtual host information. Finally, WebSphere Portal Express must be set up to generate self-referencing URLs using SSL as the transport.
After completing the following procedures, all requests, starting with the login, are encrypted.
- Setting up SSL
This section describes the overall tasks that are required to configure SSL for IBM® WebSphere® Portal Express. Some of these tasks are performed on the IBM WebSphere Application Server and the Web server. The steps that refer to the WebSphere Application Server and the Web server are summarized here; you should refer to the WebSphere Application Server and the Web server documentation for more detailed information. Steps that are unique to WebSphere Portal Express are described in detail here. - Configuring SSL only for the login process
This topic provides two methods to secure only the login process over SSL. - Setting up Client Certificate Authentication
This section describes the steps that are necessary to configure IBM WebSphere Portal Express for SSL client certificate authentication. The supported scenario is a "client certificate only" setup that switches completely to this authentication method and does not allow form-based login via username and password. Other configuration scenarios are possible, but are neither recommended nor supported.