Configuring Common Secure Interoperability Version 2 for Secure Sockets Layer client authentication

Before you begin

Configure the Secure Sockets Layer (SSL) client authentication using the sas.client.props configuration file or the administrative console. To configure a Java client application, use the sas.client.props configuration file. By default, the sas.client.props file is located in the properties directory under the <install_root> of your WebSphere Application Server installation.

To configure a WebSphere Application Server, use the administrative console. To start the administrative console, specify the URL http://<server host_name>:9090/admin.

Why and when to perform this task

To configure a Java client application, complete the following steps, which explain how to edit the sas.client.props file.

Steps for this task

  1. To require SSL client authentication, set property com.ibm.CSI.performTLClientAuthenticationRequired=true.
    Do not set this property unless you know your target server also supports SSL client authentication for the inbound CSI authentication protocol.
  2. To support SSL client authentication, set the property com.ibm.CSI.performTLClientAuthenticationSupported=true.
  3. To specify the CSI protocol, set the property com.ibm.CSI.protocol=csiv2.
  4. To match the SSL protocol configured with your server, set the property, com.ibm.ssl.protocol, accordingly.
  5. Specify the com.ibm.CORBA.ConfigURL property with the fully qualified path of your Java property file when you run your application.
    For example, -Dcom.ibm.CORBA.ConfigURL=file:/WebSphere/AppServer/properties/sas.client.props

Why and when to perform this task

To configure a WebSphere Application Server, complete the following steps.

Steps for this task

  1. Start the administrative console.
  2. Expand Security > Authentication Protocol.
  3. Click CSIv2 Inbound Authentication.
  4. Select Supported or Required for Client Certificate Authentication.
  5. Click OK.
  6. If you selected Required in step 4, configure the CSIv2 outbound authentication as well to support the client certificate authentication. Otherwise, you can skip this step. Click CSIv2 Outbound Authentication and select either Supported or Required for Client Certificate Authentication.
  7. Click CSIv2 Outbound Transport. Select an SSL setting from the SSLSettings list for keystore, truststore, cryptographic token, SSL protocol, and cipher use. Create an alias from the SSL Configuration Repertoires panel for an SSL setting. Update the SSL setting selected in CSIv2 Inbound Transport accordingly.
  8. Save your configuration.
  9. Restart the server for the changes to become effective.

Results

Client authentication using digital certificates is performed during the SSL connection.

Example
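
The following added example is not part of the original IBM documentation. It checks the text of a sas.client.props file against steps 1 through 4 of the Java client procedure, using only the property names given on this page. The function names, the expected server protocol value, and both sample files are constructed for illustration.

```python
# Added example: lint sas.client.props text against the client steps on this page.
# Function names and both sample files are constructed for illustration.
P = "com.ibm.CSI.performTLClientAuthentication"

def parse_props(text):
    """Minimal Java .properties parser (no escapes or line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        seps = [i for i in (line.find("="), line.find(":")) if i != -1]
        if seps:                                  # first '=' or ':' splits key and value
            cut = min(seps)
            props[line[:cut].strip()] = line[cut + 1:].strip()  # last duplicate wins
    return props

def check_client_auth(props, server_ssl_protocol):
    """Return a list of findings to review; an empty list means nothing was flagged."""
    findings = []
    required = props.get(P + "Required", "").lower() == "true"
    supported = props.get(P + "Supported", "").lower() == "true"
    if not (required or supported):
        findings.append("client authentication is neither required nor supported")
    if required:
        findings.append("Required=true: confirm the target server supports SSL "
                        "client authentication for inbound CSI")
    if props.get("com.ibm.CSI.protocol") != "csiv2":
        findings.append("com.ibm.CSI.protocol is not csiv2")
    if props.get("com.ibm.ssl.protocol") != server_ssl_protocol:
        findings.append("com.ibm.ssl.protocol does not match the server")
    return findings

SAMPLE_OK = """# constructed sample
com.ibm.CSI.performTLClientAuthenticationSupported=true
com.ibm.CSI.protocol=csiv2
com.ibm.ssl.protocol=TLS
"""
SAMPLE_BAD = """! constructed sample
com.ibm.CSI.performTLClientAuthenticationRequired = true
com.ibm.CSI.protocol: ibm
com.ibm.ssl.protocol=SSLv3
"""

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_client_auth(parse_props(text), "TLS"))
```

The second argument is the SSL protocol configured on the target server, which the file itself cannot tell you; supply it from the server's SSL setting.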

What to do next

Specify the keystore and truststore files in your configuration.

Related concepts
Authentication protocol for EJB security
Related tasks
Managing digital certificates
Related reference
Cryptographic token settings



Searchable topic ID:   tseccsiv2ssl
Last updated: Jun 21, 2007 4:12:58 PM CDT    WebSphere Application Server Express, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.exp.doc/info/exp/ae/tsec_csiv2ssl.html
