- All Connection types configured for a server are located
in the servers server.xml file. Here is an example:
- <services
xmi:type="adminservice:AdminService" xmi:id="AdminService_1" enable="true"
standalone="false" preferredConnector="SOAPConnector_1">
<properties xmi:id="Property_20" name="ConnectionIOTimeOut"
value="600" description="HTTP Timeout" required="false"/>
<connectors xmi:type="adminservice:SOAPConnector"
xmi:id="SOAPConnector_1">
<properties xmi:id="Property_1" name="sslConfig"
value="PLEX1Manager/RACFJSSESettings"/>
<properties xmi:id="Property_2" name="requestTimeout" value="600"/>
</connectors>
<connectors xmi:type="adminservice:RMIConnector"
xmi:id="RMIConnector_1"/>
<configRepository xmi:id="RepositoryService_1"/>
</services>
- The <connectors> tag describes itself. One of the
things it describes is its SSL repertoire. The SSL repertoires is defined
in the administrative console under Security > SSL .
There can be many repertoires. Each time you enable a security
function in the administrative console, you are asked to use the SSL
repertoire. If you enable Global Security, you are not prompted for
repertoire information.
- The Connector in the example above points to repertoire
value="PLEX1Manager/RACFJSSESettings. Below is the list of
repertoires defined on a system. Notice that the cell has SSL definitions
and so do the NODES. If the NODE has been SYNC'd they should be the
same.
.
- In the security.xml file, the repertoires are defined as
follows:
<repertoire
xmi:id="SSLConfig_1074250935385" alias="nodedpmt/RACFJSSESettings">
<setting xmi:id="SecureSocketLayer_1074250935409"
keyFileName="safkeyring:///WSRING@T1" keyFilePassword="{xor}Lz4sLCgwLTs="
keyFileFormat="JCERACFKS" trustFileName="safkeyring:///WSRING@T1"
trustFilePassword="{xor}Lz4sLCgwLTs=" trustFileFormat="JCERACFKS"
clientAuthentication="false" securityLevel="HIGH"
enableCryptoHardwareSupport="false">
<cryptoHardware xmi:id="CryptoHardwareToken_1074250935410"
tokenType="" libraryFile="" password="{xor}"/>
<properties xmi:id="Property_1074250935412"
name="com.ibm.ssl.protocol" value="SSLv3"/>
<properties xmi:id="Property_1074250935413"
name="com.ibm.ssl.contextProvider" value="IBMJSSE"/>
</setting>
</repertoire>
Note: These are the values used for the SOAP SSL port. |