Configure outbound transport
Outbound transport refers to the transport used to connect to a downstream server. When you configure the outbound transport, consider the transports that the downstream servers support. If you use Secure Sockets Layer (SSL), consider including the signers of the downstream servers in this server's truststore file so that the handshake succeeds. When you select an SSL configuration, that configuration points to keystore and truststore files that should contain the necessary signers. If you have configured client certificate authentication for this server in the Security --> Authentication Protocols --> CSIv2 Outbound Authentication panel, then the downstream servers should contain the signer certificate that belongs to this server's personal certificate.
To configure the outbound transport, see the following tasks:
Configure CSIv2 outbound transport
Select the type of transport and the SSL settings in the Security --> Authentication Protocol --> CSIv2 Outbound Transport panel. By selecting the type of transport, as noted previously, you are choosing the transport to use when connecting to downstream servers. The downstream servers must support the transport you choose. If you choose SSL-Supported, the transport used is negotiated during the connection. If both the client and server support SSL, always choose SSL-Supported unless the request is considered a special request that does not require SSL, such as if an ORB is a request.
For more information about the settings, see the administrative console help topic, CSI transport outbound settings.
Click OK.
Click Save to save your changes to the configuration.
Pick the SSL Settings that correspond to an SSL transport. These SSL settings are defined in the Security --> SSL panel, and include the SSL configuration of keystore files, truststore files, file formats, security levels, ciphers, cryptographic token selections, and so on. Ensure that the truststore file in the selected SSL configuration contains the signers for any downstream servers. Also, ensure that the downstream servers contain the server signer certificates when outbound client certificate authentication is used.
Click OK.
Click Save to save your changes to the configuration.
(Network Deployment only) Synchronize the configuration with all node agents.
Stop and restart all servers.
Configure SAS outbound transport
Select the SSL settings used for outbound requests to downstream SAS servers in the Security --> Authentication Protocol --> SAS Outbound panel. Remember that the SAS protocol allows interoperability with previous releases. When configuring the keystore and truststore files in the SSL configuration, these files should have the correct information for interoperating with previous releases of WebSphere Application Server. For example, a previous release has a different personal certificate than the Version 5.0 release. If you use the keystore file from the Version 5.0 release, add the signer to the truststore file of the previous release. Also, extract the signer for the Version 5.0 release and import that signer into the truststore file of the previous release.
For more information about the settings, see the administrative console help topic, SAS transport outbound settings.
Click OK.
Click Save to save your changes to the configuration.
(Network Deployment only) Synchronize the configuration with all node agents.
Stop and restart all servers.
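Both procedures above depend on the truststore holding the signer of every downstream server. The following script is an added example, not IBM code or part of the original page: it builds constructed signers and personal certificates, then shows a downstream certificate being rejected until its signer is added to the trust bundle. It assumes the OpenSSL CLI (1.1.0 or later) and a truststore whose signers have been exported to a PEM bundle; all function and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM code. Assumes the OpenSSL CLI (1.1.0 or later) and a
# truststore whose signers were exported to a PEM bundle. Names are hypothetical.

# new_signer DIR NAME: constructed self-signed signer (CA) certificate and key.
new_signer() {
    printf '[req]\ndistinguished_name=req\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
        > "$1/ca.cnf"
    openssl req -x509 -config "$1/ca.cnf" -extensions ca -newkey rsa:2048 -nodes \
        -days 1 -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# new_personal DIR NAME SIGNER: constructed personal certificate issued by SIGNER.
new_personal() {
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -days 1 -out "$1/$2.pem" 2>/dev/null
}

# signer_trusted BUNDLE CERT: succeeds only if CERT chains to a signer in BUNDLE.
# -no-CApath keeps the system CA directory out of the decision.
signer_trusted() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# verdict BUNDLE CERT: print "trusted" or "untrusted" for one downstream certificate.
verdict() {
    if signer_trusted "$1" "$2"; then echo trusted; else echo untrusted; fi
}

# demo: the trust bundle starts with signerA only, so downstreamB is rejected
# until signerB is imported (the missing-signer handshake failure).
demo() {
    d=$(mktemp -d) || return 1
    new_signer "$d" signerA && new_signer "$d" signerB &&
    new_personal "$d" downstreamA signerA &&
    new_personal "$d" downstreamB signerB || { rm -rf "$d"; return 1; }
    cp "$d/signerA.pem" "$d/trust.pem"
    a=$(verdict "$d/trust.pem" "$d/downstreamA.pem")
    b=$(verdict "$d/trust.pem" "$d/downstreamB.pem")   # signer not yet imported
    cat "$d/signerB.pem" >> "$d/trust.pem"             # import the missing signer
    c=$(verdict "$d/trust.pem" "$d/downstreamB.pem")
    rm -rf "$d"
    echo "$a $b $c"
}

demo
```

Against a real deployment, pass `signer_trusted` the exported signer bundle and each downstream server's certificate, and repeat the check in the other direction when outbound client certificate authentication is used.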