Steps to create a new System SSL repertoire alias

Before you begin

You must start the Administrative console.

Why and when to perform this task

These steps create a new System SSL repertoire alias. Once an alias is defined in the SSL configuration repertoire, you can select it from any location within the administrative console that allows SSL connections. This simplifies SSL configuration, because you can reuse the same SSL settings by specifying the alias in multiple places.

Steps for this task

  1. Click Security > SSL on the left-hand navigation tree to open the SSL Configuration Repertoires panel.
  2. To create a new System SSL alias, select the check box next to the word Alias and click on the New SSSL Repertoire button near the top of the panel. The System SSL Repertoire panel appears.
  3. Enter the alias name in the Alias field.
  4. Specify the SSL RACF key ring in the Key File Name field.
    All repertoires used by the same server (such as HTTPS, CSIv2, z/SAS) must have the same keyring name. If the keyring names are not the same, the HTTPS keyring name is used to initialize the server. If you specify the wrong RACF key ring, the server gets an error message at run time.
  5. (Optional) Select the Client Authentication option.
    This option enables client authentication to occur if this repertoire is selected for HTTPS. However, the value is ignored if you are using CSIv2 or z/SAS.

    To enable client authentication for CSIv2, click Security > Authentication Protocol > CSIv2 Inbound Authentication. Select the appropriate option for Client Certificate Authentication.

    To enable client authentication for z/SAS, click Security > Authentication Protocol > zSAS Transport. Select the Client Certificate option.

  6. Select High, Medium, or Low from the Security Level menu to specify the high, medium, or low set of cipher suites.
    If you add specific cipher suites on this panel, those cipher suites take precedence over the high, medium, or low specification. If a cipher list is specified, WebSphere Application Server uses the list. If the cipher list is empty, WebSphere Application Server uses the high, medium, low specification. The following list explains these specifications:
    High: 128-bit cipher suites with digital signature.
    Medium: 40-bit cipher suites with digital signature.
    Low: No encryption is used, but digital signature is used.
  7. Specify the SSL V3 timeout value in the V3 Timeout field. This value is the length of time, in seconds, that the system holds session keys.
    The range is 0-86400 (1 day). The default is 600 seconds.
  8. Select the cipher suites that you want to add from the Cipher Suites menu.
    By default, this is not set and the cipher suites available are determined by the value of the Security Level (High, Medium, or Low). A cipher suite is a combination of cryptographic algorithms used for an SSL connection.
  9. Click OK when you have made all your selections.
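
The rules stated in steps 4 through 7 (one key ring per server, Client Authentication honored only for HTTPS, a cipher list overriding the security level, and the V3 timeout range) can be checked mechanically across the repertoires a server uses. The following Python is an added example, not part of the IBM documentation or of WebSphere itself; the dictionary layout, field names, aliases, key ring names and the cipher suite name are assumptions made for illustration.

```python
# Added example; the dict layout and field names are hypothetical,
# not WebSphere's configuration schema. Sample data is constructed.
LEVELS = {
    "High": "128-bit cipher suites with digital signature",
    "Medium": "40-bit cipher suites with digital signature",
    "Low": "no encryption, digital signature only",
}

def effective_ciphers(rep):
    """Step 6: a non-empty cipher list takes precedence over the level."""
    if rep.get("cipher_suites"):
        return ("list", list(rep["cipher_suites"]))
    return ("level", rep["security_level"])

def audit_server(repertoires):
    """repertoires maps a protocol (HTTPS, CSIv2, z/SAS) to its repertoire."""
    findings = []
    rings = {proto: rep["key_ring"] for proto, rep in repertoires.items()}
    if len(set(rings.values())) > 1:  # step 4: all must name the same key ring
        findings.append("key ring mismatch %s: server initializes with the "
                        "HTTPS key ring %r" % (sorted(rings.items()), rings.get("HTTPS")))
    for proto, rep in repertoires.items():
        alias = rep["alias"]
        timeout = rep.get("v3_timeout", 600)  # step 7: default 600 seconds
        if not 0 <= timeout <= 86400:
            findings.append("%s: V3 timeout %d outside 0-86400" % (alias, timeout))
        kind, value = effective_ciphers(rep)
        if kind == "level" and value != "High":
            findings.append("%s: level %s in effect (%s)" % (alias, value, LEVELS[value]))
        if rep.get("client_auth") and proto != "HTTPS":  # step 5
            findings.append("%s: Client Authentication is ignored for %s" % (alias, proto))
    return findings

# Constructed sample: three repertoires selected by one server.
SAMPLE = {
    "HTTPS": {"alias": "WebRep", "key_ring": "WASKeyring", "security_level": "High",
              "cipher_suites": [], "v3_timeout": 600, "client_auth": True},
    "CSIv2": {"alias": "IiopRep", "key_ring": "WASKeyring2", "security_level": "Medium",
              "cipher_suites": [], "v3_timeout": 90000, "client_auth": True},
    "z/SAS": {"alias": "SasRep", "key_ring": "WASKeyring", "security_level": "Low",
              "cipher_suites": ["EXAMPLE_SUITE_A"], "v3_timeout": 0},
}

if __name__ == "__main__":
    for line in audit_server(SAMPLE):
        print(line)
```

In the constructed sample, the z/SAS repertoire produces no security-level finding even though its level is Low, because its non-empty cipher list is what takes effect.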

Related concepts
SSL repertoires
Related tasks
Setting up Secure Sockets Layer security for WebSphere Application Server for z/OS
Using Java Secure Socket Extension and Java Cryptography Extension with Servlets and enterprise bean files



Searchable topic ID:   tsecconfigrepset
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_configrepset.html
