[Version 5.0.2 and later]Configuring Secure Sockets Layer

Why and when to perform this task

Secure Sockets Layer (SSL) is used by multiple components within WebSphere Application Server to provide trust and privacy. These components are the built-in HTTP Transport, the Object Request Broker (ORB) (for client and server) and the secure Lightweight Directory Access Protocol (LDAP) client. Configuring SSL is different between client and server with WebSphere Application Server .

Steps for this task

  1. Configure the client (JSSE).
    Use the sas.client.props file located in the ${install_root}/properties directory. The sas.client.props file is a configuration file that contains lists of property-value pairs, using the syntax <property> = <value>. The property names are case sensitive, but the values are not; the values are converted to lowercase when the file is read. By default, the sas.client.props file is located in the properties directory under the install_root of your WebSphere Application Server installation. Specify the following properties for an SSL connection:
    • com.ibm.ssl.protocol
    • com.ibm.ssl.keyStoreType
    • com.ibm.ssl.keyStore
    • com.ibm.ssl.keyStorePassword
    • com.ibm.ssl.trustStoreType
    • com.ibm.ssl.trustStore
    • com.ibm.ssl.trustStorePassword
    • com.ibm.ssl.enabledCipherSuites
    • com.ibm.ssl.contextProvider
    • com.ibm.ssl.keyStoreServerAlias
    • com.ibm.ssl.keyStoreClientAlias
    • For the Secure Authentication Services (SAS) authentication protocol only: com.ibm.CORBA.standardPerformQOPModels
    • For the cryptographic token device:
      • com.ibm.ssl.tokenType
      • com.ibm.ssl.tokenLibraryFile
      • com.ibm.ssl.tokenPassword
  2. Configure the server.
    Use the administrative console to configure an application server that makes SSL connections. To start the administrative console, specify the following Web address: http://server_hostname:9090/admin.
  3. Create an SSL configuration repertoires alias or entry.
    You can select the alias later when a component is configured for SSL support. An SSL configuration repertoires entry contains the following fields:
    • Typical configuration settings:
      • Alias
      • Key file name
      • Key file password
      • Key file format
      • Trust file name
      • Trust file password
      • Trust file format
      • Client authentication
      • Security level
      • Cipher suites
    • For the cryptographic token device:
      • Cryptographic token (Create the alias first so you can configure these fields).
        • Token type
        • Library file
        • Password
    • For additional Java properties:
      • Custom properties (Create the alias first so you can configure these fields).
        • com.ibm.ssl.contextProvider
        • com.ibm.ssl.protocol

Related concepts
Secure Sockets Layer
Digital certificates
Authentication protocol for EJB security
Related reference
Secure Sockets Layer configuration repertoire settings



Searchable topic ID:   tsecssl
Last updated: Jun 21, 2007 4:12:58 PM CDT    WebSphere Application Server Express, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.exp.doc/info/exp/ae/tsec_ssl.html

Library | Support | Terms of Use | Feedback