Configure CSIv2 for SSL client authentication
To configure CSIv2 for SSL client authentication, perform the following steps:
- Configure the client application for SSL authentication.
- Configure WebSphere Application Server for SSL client authentication.
Configure the client application for SSL authentication
To configure the Java client application, you customize the settings in the sas.client.props file. The file is then packaged with your Java client application to provide runtime settings.
To edit the sas.client.props file for your client application, complete the following steps:
Open the sas.client.props file in a text editor. A copy of the file is located in the /QIBM/UserData/WebAS5/product/instance/properties directory, where product is either Base or ND, and instance is the name of your server instance.
To require SSL client authentication, set the property com.ibm.CSI.performTLClientAuthenticationRequired=true. Do not set this property unless you know your target server also supports SSL client authentication for the inbound CSI authentication protocol.
To support SSL client authentication, set the property com.ibm.CSI.performTLClientAuthenticationSupported=true.
To specify the CSI protocol, set the property com.ibm.CSI.protocol=csiv2.
To match the SSL protocol configured with your server, set the property com.ibm.ssl.protocol accordingly.
Specify the com.ibm.CORBA.ConfigURL property with the fully qualified path of your Java property file when you run your application. For example, -Dcom.ibm.CORBA.ConfigURL=file:/QIBM/UserData/WebAS5/product/instance/properties/sas.client.props where product is Base or ND and instance is the name of your instance.
Save the sas.client.props file and package it with your client application.
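The following check is an added example, not part of the original documentation or of WebSphere: it reads the text of a sas.client.props file and reports where it departs from the steps above. The function names, the sample file contents, and the protocol value TLS are assumptions made for illustration; the server's SSL protocol is supplied by the caller.

```python
# Added example: lint sas.client.props for the CSIv2 SSL client authentication steps.
REQUIRED = "com.ibm.CSI.performTLClientAuthenticationRequired"
SUPPORTED = "com.ibm.CSI.performTLClientAuthenticationSupported"

def parse_props(text):
    """Parse simple key=value properties ('#' and '!' comments, no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def is_true(props, key):
    return props.get(key, "").lower() == "true"

def check_client_props(text, server_ssl_protocol):
    """Return a list of findings; an empty list means the file matches the steps."""
    props = parse_props(text)
    findings = []
    if props.get("com.ibm.CSI.protocol") != "csiv2":
        findings.append("com.ibm.CSI.protocol is not csiv2")
    required, supported = is_true(props, REQUIRED), is_true(props, SUPPORTED)
    if not (required or supported):
        findings.append("SSL client authentication is neither required nor supported")
    if required:
        # The page's caveat: only require it when the target server supports it.
        findings.append("REVIEW: Required=true; confirm the target server supports "
                        "SSL client authentication for inbound CSI authentication")
    if props.get("com.ibm.ssl.protocol") != server_ssl_protocol:
        findings.append("com.ibm.ssl.protocol does not match the server's SSL protocol")
    return findings

# Constructed sample file contents; the protocol value is a placeholder.
SAMPLE = """\
# constructed sample
com.ibm.CSI.performTLClientAuthenticationRequired=false
com.ibm.CSI.performTLClientAuthenticationSupported=true
com.ibm.CSI.protocol=csiv2
com.ibm.ssl.protocol=TLS
"""

if __name__ == "__main__":
    for finding in check_client_props(SAMPLE, "TLS") or ["OK"]:
        print(finding)
```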
Configure WebSphere Application Server for SSL client authentication
To configure your WebSphere Application Server instance, complete the following steps:
Start the WebSphere administrative console.
In the navigation menu, expand Security and then click Authentication Protocol.
Click CSIv2 Inbound Authentication.
Select Supported or Required for the Client Certificate Authentication field.
Click OK.
If you selected Required for client certificate authentication, configure the CSIv2 outbound authentication as well to support the client certificate authentication. Otherwise, you can skip this step.
Click CSIv2 Outbound Authentication, and select either Supported or Required for the Client Certificate Authentication field.
Click CSIv2 Outbound Transport. Select an SSL setting from the SSLSettings list for the keystore, truststore, cryptographic token, SSL protocol, and ciphers to use. Create an alias from the SSL Configuration Repertoires panel for an SSL setting. Update the SSL setting that you selected in the CSIv2 Inbound Transport panel.
Save your configuration.
Restart the server for the changes to become effective.