SSL Repertoire and SSL connections
 Technote (troubleshooting)
 
Problem(Abstract)
How a connection knows if it is SSL or non-SSL in WebSphere® Application Server for z/OS®.
 
Resolving the problem
  • All Connection types configured for a server are located in the servers server.xml file. Here is an example:
  • <services xmi:type="adminservice:AdminService" xmi:id="AdminService_1" enable="true" standalone="false" preferredConnector="SOAPConnector_1">
    <properties xmi:id="Property_20" name="ConnectionIOTimeOut" value="600" description="HTTP Timeout" required="false"/>
    <connectors xmi:type="adminservice:SOAPConnector" xmi:id="SOAPConnector_1">
    <properties xmi:id="Property_1" name="sslConfig" value="PLEX1Manager/RACFJSSESettings"/>
    <properties xmi:id="Property_2" name="requestTimeout" value="600"/>
    </connectors>
    <connectors xmi:type="adminservice:RMIConnector" xmi:id="RMIConnector_1"/>
    <configRepository xmi:id="RepositoryService_1"/>
    </services>

  • The <connectors> tag describes itself. One of the things it describes is its SSL repertoire. The SSL repertoires is defined in the administrative console under Security > SSL .

    There can be many repertoires. Each time you enable a security function in the administrative console, you are asked to use the SSL repertoire. If you enable Global Security, you are not prompted for repertoire information.


  • The Connector in the example above points to repertoire value="PLEX1Manager/RACFJSSESettings. Below is the list of repertoires defined on a system. Notice that the cell has SSL definitions and so do the NODES. If the NODE has been SYNC'd they should be the same.
.

  • In the security.xml file, the repertoires are defined as follows:
<repertoire xmi:id="SSLConfig_1074250935385" alias="nodedpmt/RACFJSSESettings">
<setting xmi:id="SecureSocketLayer_1074250935409" keyFileName="safkeyring:///WSRING@T1" keyFilePassword="{xor}Lz4sLCgwLTs=" keyFileFormat="JCERACFKS" trustFileName="safkeyring:///WSRING@T1" trustFilePassword="{xor}Lz4sLCgwLTs=" trustFileFormat="JCERACFKS" clientAuthentication="false" securityLevel="HIGH" enableCryptoHardwareSupport="false">
<cryptoHardware xmi:id="CryptoHardwareToken_1074250935410" tokenType="" libraryFile="" password="{xor}"/>
<properties xmi:id="Property_1074250935412" name="com.ibm.ssl.protocol" value="SSLv3"/>
<properties xmi:id="Property_1074250935413" name="com.ibm.ssl.contextProvider" value="IBMJSSE"/>
</setting>
</repertoire>
Note: These are the values used for the SOAP SSL port.
 
 
 


Document Information


Current web document: swg21170752.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS > Security
Operating system(s): z/OS
Software version: 5.0
Software edition:
Reference #: 1170752
IBM Group: Software Group
Modified date: Jun 3, 2004