Before you begin
It is helpful to understand security from an infrastructure standpoint so that you know the advantages of different authentication mechanisms, user registries, authentication protocols, and so on. Picking the right security components to meet your needs is a part of configuring global security. The following sections help you make these decisions. Read the following articles before continuing with the security configuration.
After you understand the security components, you can proceed to configure global security in WebSphere Application Server.
Steps for this task
One of the details common to all user registries is the server user ID. This ID is a member of the chosen user registry, but also has special privileges in WebSphere Application Server. The privileges for this ID and the privileges associated with the administrative role ID are the same. The server user ID can access all protected administrative methods. On Windows systems, the ID must not be the same name as the machine name of your system, since the registry sometimes returns machine-specific information when querying a user of the same name. In LDAP user registries, verify that the server user ID is a member of the registry and not just the LDAP administrative role ID. The entry must be searchable.
The server user ID does not run WebSphere Application Server processes. Rather, the process ID runs the WebSphere Application Server processes.
The process ID is determined by the way the process starts. For example, if you use a command line to start processes, the user ID that is logged into the system is the process ID. If running as a service, the user ID that is logged into the system is the user ID running the service. If you choose the LocalOS registry, the process ID requires special privileges to call the operating system APIs. Specifically, the process ID must have the Act as Part of Operating System privileges on Windows systems or root privileges on a UNIX system.
Create a new keystore and truststore by referring to the Creating a keystore file and Creating truststore files articles.
You can create different keystore files and truststore files for different uses, or you can create just one set for everything for which the server uses SSL. After you create these new keystore and truststore files, specify them in the SSL Configuration Repertoire. To get to the SSL Configuration Repertoire, click Security > SSL. You can either edit the DefaultSSLConfig file or create a new SSL configuration with a new alias name. If you create a new alias name for your new keystore and truststore files, change every location that references the DefaultSSLConfig SSL configuration alias. The following list provides these locations:
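As an added example (not part of the original documentation or of WebSphere's tooling), the following script lists every line in a configuration tree that still names an old SSL alias, so that a change to a new alias can be checked for leftovers. It assumes the configuration is available as text files under a directory you pass in; the function names, the sample tree and the alias `NewSSLConfig` are constructed for illustration.

```shell
#!/bin/sh
# Added example: find what still names an old SSL configuration alias.
# Usage: sh alias_refs.sh CONFIG_DIR OLD_ALIAS   (script name is hypothetical)

# Print file:line:text for each whole-word occurrence of alias $2 under $1.
# -F matches the alias literally; -w stops DefaultSSLConfig from matching
# a longer name such as DefaultSSLConfig2. /dev/null forces file names.
alias_refs() {
    # grep exits 1 when nothing matches; that is not an error here.
    find "$1" -type f -exec grep -nwF -- "$2" /dev/null {} + || :
}

# Print each file that references the alias, one path per line.
alias_ref_files() {
    find "$1" -type f -exec grep -lwF -- "$2" {} + | sort
}

# Print the number of lines that reference the alias.
alias_ref_count() {
    alias_refs "$1" "$2" | wc -l | tr -d ' '
}

# Return 0 when nothing references the alias any more, 1 otherwise.
check_alias_retired() {
    n=$(alias_ref_count "$1" "$2")
    if [ "$n" -eq 0 ]; then
        echo "OK: no references to $2 under $1"
        return 0
    fi
    echo "FOUND: $n reference(s) to $2 under $1"
    alias_refs "$1" "$2"
    return 1
}

# Constructed sample tree; file names and keys are illustrative only and
# do not reproduce WebSphere's real configuration layout.
make_sample_tree() {
    mkdir -p "$1/node1"
    printf '%s\n' 'transport.ssl.alias=DefaultSSLConfig' 'port=9443' > "$1/server1.conf"
    printf '%s\n' 'sslConfig="DefaultSSLConfig"' > "$1/node1/ldap.conf"
    printf '%s\n' 'ssl.alias=DefaultSSLConfig2' 'ssl.alias=NewSSLConfig' > "$1/node1/orb.conf"
}

if [ "$#" -eq 2 ]; then
    check_alias_retired "$1" "$2"
    exit $?
fi
```

Run it against a copy of the configuration directory after switching aliases; a non-zero exit status means at least one location still points at the old alias.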