Secure Sockets Layer (SSL) is an authentication protocol introduced as an IETF standard. WebSphere Application Server supports SSL-based mutual authentication between WebSphere Application Servers and CORBA C++ clients.
Both CORBA C++ clients and EJB servers have a key database file, which is a CMS key database file generated by the IBM Key Management Tool. The client's key database file contains the server certificate's public key (or the certificate of its CA, as a signer). The server's key database has a truststore file that contains the public key of each client's certificate (or the certificate of its CA, as a signer). With SSL mutual authentication, the client uses the server's certificate to authenticate the server, and the server uses the client's certificate to authenticate the client.
The SSL support provided by WebSphere Application Server for CORBA C++ clients uses the GSKit SSL library on the C++ client and IBM JSSE on the server. Both SSL libraries are shipped with WebSphere Application Server.
To enable SSL certificate-based authentication, you must create a server certificate for each server you want to authenticate and a client certificate for each client that you want to authenticate. A server certificate, along with its corresponding private key, must be placed in a key database file at the server. The server uses this key database file to present itself to any clients that want to authenticate the server. Similarly, the client certificate and key must be placed in a key database file at the client. The client uses its key database file to present itself to servers that want to authenticate the client.
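The trust layout described above can be checked before any connection is attempted. The following is an added example, not IBM's procedure or tooling: it uses OpenSSL PEM files as stand-ins for the CMS key database and truststore, and every name, subject and path in it is constructed for illustration.

```shell
#!/bin/sh
# Added example: PEM files model each side's personal certificate and signer set.
# OpenSSL is a stand-in here; it is not the GSKit or IBM Key Management tooling.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_identity NAME SUBJECT_CN: self-signed certificate and private key.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# add_signer SIDE PEER: place PEER's certificate in SIDE's signer set.
add_signer() { cat "$WORK/$2.crt" >> "$WORK/$1.signers.pem"; }

# peer_trusted SIDE PEER: succeeds only if PEER's certificate validates
# against SIDE's signer set. Parses the output because old OpenSSL
# releases return exit status 0 even when verification fails.
peer_trusted() {
    openssl verify -CAfile "$WORK/$1.signers.pem" "$WORK/$2.crt" 2>&1 |
        grep -q ': OK$'
}

# Constructed identities. "rogue" reuses the server's subject name
# but has a different key pair.
make_identity server "ejb-server.example.test"
make_identity client "corba-client.example.test"
make_identity rogue  "ejb-server.example.test"

add_signer client server   # client side holds the server certificate as signer
add_signer server client   # server side holds the client certificate as signer

report() {
    if peer_trusted "$1" "$2"; then
        echo "$1 side accepts $2 certificate"
    else
        echo "$1 side rejects $2 certificate"
    fi
}
report client server
report server client
report client rogue   # same subject name, not in the signer set
report server rogue
```

The rejected case shows that trust comes from the signer entry held in the peer's store, not from the subject name in the certificate.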
For more information about WebSphere C++ client use of SSL, see "CORBA C++ client: SSL and certificates". For more information about enabling SSL certificate-based security, see "Enabling SSL certificate security between a CORBA C++ client and an EJB server".