Configure the WebSEAL key database
WebSEAL stores client-side certificates and CA root certificates, used for SSL communication with the distributed session cache, in a key database file.
The purpose of each certificate is as follows:
- The CA root certificate is used to validate the server certificate returned by the distributed session cache.
- The client-side certificate is used by WebSEAL to communicate with the distributed session cache server.
To specify the key database file, use the ssl-keyfile stanza entry in the [dsess-cluster] stanza of the WebSEAL configuration file. For example:
[dsess-cluster]
ssl-keyfile = key-file-name
Unless ISAM SSL certificates are being used for communication between WebSEAL and the distributed session cache, use a separate key file from the other WebSEAL key files as the value for ssl-keyfile.
To specify the key database stash file (containing password information for access to the database file), use the ssl-keyfile-stash stanza entry in the [dsess-cluster] stanza of the WebSEAL configuration file. For example:
[dsess-cluster]
ssl-keyfile-stash = key-file-name
To specify the label name for the client-side certificate, use the ssl-keyfile-label stanza entry in the [dsess-cluster] stanza of the WebSEAL configuration file. For example:
[dsess-cluster]
ssl-keyfile-label = label-name
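The following check is an added example, not part of the product documentation. It reads WebSEAL configuration text, confirms that the three [dsess-cluster] entries described above are set, and reports when ssl-keyfile points at a key file that another stanza also uses. The sample paths, the label value and the [ssl] webseal-cert-keyfile line are constructed for illustration, and the function names are hypothetical.

```python
import re

REQUIRED = ("ssl-keyfile", "ssl-keyfile-stash", "ssl-keyfile-label")

# Constructed sample: paths, label and the [ssl] entry are illustrative assumptions.
SAMPLE = """
[ssl]
webseal-cert-keyfile = /example/keys/webseal.kdb

[dsess-cluster]
ssl-keyfile = /example/keys/webseal.kdb
ssl-keyfile-stash = /example/keys/webseal.sth
# ssl-keyfile-label = dsc-client
"""

def parse_stanzas(text):
    """Parse stanza-style text into {stanza: {entry: [values]}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out entries
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, []).append(value)
    return stanzas

def audit_dsess_cluster(text):
    """Return findings for the [dsess-cluster] key database entries."""
    stanzas = parse_stanzas(text)
    dsess = stanzas.get("dsess-cluster", {})
    findings = [f"[dsess-cluster] {e} is not set"
                for e in REQUIRED if not any(dsess.get(e, []))]
    keyfile = next((v for v in dsess.get("ssl-keyfile", []) if v), None)
    for name, entries in stanzas.items():
        if keyfile is None or name == "dsess-cluster":
            continue
        for key, values in entries.items():
            # Sharing is expected only when ISAM SSL certificates are used.
            if key.endswith("keyfile") and keyfile in values:
                findings.append(f"ssl-keyfile is shared with [{name}] {key}")
    return findings

if __name__ == "__main__":
    for finding in audit_dsess_cluster(SAMPLE):
        print(finding)
```

A shared key file is reported as a finding to review rather than an error, because sharing is the intended setup when ISAM SSL certificates are used for this connection.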