+

Search Tips   |   Advanced Search

Cryptographic hardware for SSL acceleration

If the portal environment makes extensive use of SSL, we might choose to use cryptographic hardware to offload encryption and improve performance. WebSphere Portal tolerates interfacing through WebSphere Application Server with cryptographic hardware for SSL acceleration. However, the tasks involved in setting up and configuring cryptographic hardware are specific to web servers or WebSphere Application Server and do not necessarily involve configuring WebSphere Portal.

The WAS Information Center contains several topics for setting up and configuring password encryption with cryptographic hardware. Refer to these topics to get started with password encryption and learn more about available encryption features.

Most cryptographic hardware requires the PKCS11 support software for the host machine and internal firmware. To get started with cryptographic hardware, install the required support software, configure IBM HTTP Server, then install the necessary devices. Refer to Get started with the cryptographic hardware for SSL.

We can create a plug point to encrypt and decrypt all passwords in WebSphere Application Server currently encoded or decoded using Base64-encoding. Refer to Plug point for custom password encryption at:

Create a custom class to encrypt passwords after creating the server profile. Refer to Enable custom password encryption at:

In stand-alone environments, administrative functions such as installing WAR files or adding trace settings can fail when you meet both of the following conditions:

  • Your WebSphere Portal server uses the RSA_token value for security.

  • You enable cryptographic offloading of SSL decryption and encryption through an implementation of PKCS11.

If the stand-alone environment meets both of the preceding conditions, complete the following steps:

  1. Log in to the WAS admin console and select...

      Security | Global Security | Administrative security | Administrative authentication | Only use the active application authentication mechanism

  2. Click Apply then OK and save the changes to the master configuration.

  3. Log out of the WAS admin console.

  4. Restart the WebSphere_Portal server.


Parent Configure SSL

Previous topic: Set up Client Certificate Authentication

Related tasks: