Configure Secure Sockets Layer

 


 

Overview

SSL is used by the following WAS components...

  • Built-in HTTP Transport
  • ORB for client and server
  • Secure LDAP client.

To use an application with the default SSL repertoire, find the value for the appserver port WC_defaulthost_secure, verify it is in Environment | Virtual Hosts for your node, and then use the URL:

hostname:WC_defaulthost_secure:/appname

 

Procedure

  1. Configure the client (JSSE). Use the sas.client.props file located, by default, in...

    install_root/profiles/profile/properties

     

    sas.client.props

    The sas.client.props file is a configuration file that contains lists of property-value pairs, using the syntax...

    <property> = <value>

    Edit this file if you want to add new, non-default values.

    The property names are case sensitive, but the values are not; the values are converted to lowercase when the file is read. Specify the following properties for an SSL connection:

    • com.ibm.ssl.protocol
    • com.ibm.ssl.keyStoreType
    • com.ibm.ssl.keyStore
    • com.ibm.ssl.keyStorePassword
    • com.ibm.ssl.trustStoreType
    • com.ibm.ssl.trustStore
    • com.ibm.ssl.trustStorePassword
    • com.ibm.ssl.enabledCipherSuites
    • com.ibm.ssl.contextProvider
    • com.ibm.ssl.keyStoreServerAlias
    • com.ibm.ssl.keyStoreClientAlias

    • For the SAS authentication protocol only:

      com.ibm.CORBA.standardPerformQOPModels

    • For the cryptographic token device:

      • com.ibm.ssl.tokenType
      • com.ibm.ssl.tokenLibraryFile
      • com.ibm.ssl.tokenPassword
      • com.ibm.ssl.tokenSlot (added as a custom property)

  2. Use the administrative console to configure an application server that makes SSL connections.

  3. Create a Secure Sockets Layer repertoire configuration entry.

    We can select the alias later when a component is configured for SSL support. An SSL configuration repertoire entry contains the following fields:

    • Typical configuration settings:

      • Alias
      • Key file name
      • Key file password
      • Key file format
      • Trust file name
      • Trust file password
      • Trust file format
      • Client authentication
      • Security level
      • Cipher suites

    • For the cryptographic token device:

      • Cryptographic token (Create the alias first so one can configure these fields).

        • Token type
        • Library file
        • Password

    • For additional Java properties:

      • Custom properties (Create the alias first so one can configure these fields).

        • com.ibm.ssl.contextProvider
        • com.ibm.ssl.protocol
        • com.ibm.ssl.tokenSlot (for crypto slot)
        • com.ibm.ssl.keyStoreClientAlias (alias selection for client authentication to servers)
        • com.ibm.ssl.keyStoreServerAlias (alias selection for server authentication to clients)

    Note: WAS contains IBM Developer Kit for Java Technology Edition V1.4.2, which includes changes from IBM Developer Kit for Java Technology Edition V1.3. See Changes to IBM Developer Kit for Java Technology Edition V1.4.x for more information.

  4. Create a virtual host entry for the SSL port being used by the Web Container. For example, if the secure port for your appserver is 9449, create a virtual host entry using that port.
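Because the property names in step 1 are case sensitive, a mistyped name in sas.client.props is simply not the SSL property it was meant to be. The following check is an added example, not code from the original page or from IBM: it parses the `<property> = <value>` syntax, reports wrong-case names, entries from the step 1 list that are not set, and a legacy protocol value. The set of protocol values treated as legacy, the `#`/`!` comment handling and the sample file contents are assumptions.

```python
SSL_PROPERTIES = (
    "com.ibm.ssl.protocol", "com.ibm.ssl.keyStoreType", "com.ibm.ssl.keyStore",
    "com.ibm.ssl.keyStorePassword", "com.ibm.ssl.trustStoreType",
    "com.ibm.ssl.trustStore", "com.ibm.ssl.trustStorePassword",
    "com.ibm.ssl.enabledCipherSuites", "com.ibm.ssl.contextProvider",
    "com.ibm.ssl.keyStoreServerAlias", "com.ibm.ssl.keyStoreClientAlias",
)
CANONICAL = {name.lower(): name for name in SSL_PROPERTIES}
# Assumption (not from the page): protocol values this audit treats as legacy.
LEGACY_PROTOCOLS = {"ssl", "sslv2", "sslv3"}

def parse_props(text):
    """Return {name: (value, line_number)} from '<property> = <value>' lines."""
    props = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment (assumed syntax)
            continue
        name, sep, value = line.partition("=")
        if sep:
            props[name.strip()] = (value.strip(), lineno)
    return props

def audit(text):
    """Return sorted (line_number, code, detail) findings; line 0 = whole file."""
    props, findings = parse_props(text), []
    for name, (value, lineno) in props.items():
        canonical = CANONICAL.get(name.lower())
        if canonical and canonical != name:
            # Names are case sensitive, so this entry is not the SSL property.
            findings.append((lineno, "wrong-case", f"{name} -> {canonical}"))
        # Values are lowercased when read, so compare case-insensitively.
        if name == "com.ibm.ssl.protocol" and value.lower() in LEGACY_PROTOCOLS:
            findings.append((lineno, "legacy-protocol", value))
    for name in SSL_PROPERTIES:
        if name not in props:
            findings.append((0, "missing", name))
    return sorted(findings)

# Constructed sample input (paths and values are placeholders, not from the page).
SAMPLE = """\
# client SSL settings
com.ibm.ssl.protocol = SSLv3
com.ibm.ssl.keystoreType = JKS
com.ibm.ssl.keyStore = /path/to/client-keys.jks
com.ibm.ssl.trustStore = /path/to/client-trust.jks
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

In the sample, `com.ibm.ssl.keystoreType` is reported twice: once as a wrong-case name and once because the correctly spelled `com.ibm.ssl.keyStoreType` is therefore missing.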

 

See also

Configure SSL for Web client authentication
Configure SSL for the LDAP client
Change the default SSL repertoire key files
Configure IBM HTTP Server for SSL mutual authentication
Configure the Web server plug-in for SSL
Configure SSL for Java client authentication
SSL configuration repertoire settings
Create a SSL repertoire configuration entry
Configure FIPS Java SSL files
Digital certificates
Manage digital certificates
Changes to IBM Developer Kit for Java Technology Edition V1.4.x

 

See Also

SSL
Authentication protocol for EJB security