+

Search Tips   |   Advanced Search

Secure communications using SSL

SSL encrypts traffic between the client browser and portal. In addition, the LTPA Token and other security and session information can be protected against hijack and replay attacks.

In general, the web server is configured to accept inbound SSL traffic. The WAS plug-in for the web server is configured to forward traffic on the secure port to WebSphere portal. A virtual host for SSL is configured. Finally, WebSphere Portal is configured to generate self-referencing URLs using SSL as the transport.

If a front-end security proxy server such as Security Access Manager WebSEAL is used, the front-end security server handles the client SSL connections. The web server receives connections from the front-end security proxy server. Mutually authenticated SSL can be configured in the web server and the front-end security proxy server if needed. It is highly dependent on the security requirements of each deployment.


Parent Security and authentication considerations


Related information


WebSphere Application Server Security Guide: Chapter 5