Configuring to use cryptographic tokens

You can configure cryptographic token support in both client and server configurations. To configure a Java client application, use the sas.client.props configuration file. By default, the sas.client.props file is located in the properties directory under the <install_root> of your WebSphere Application Server installation. To configure a WebSphere Application Server, use the administrative console. To start the administrative console, go to the URL http://<server_hostname>:9090/admin.

Before you begin

Follow the documentation that accompanies your device to install your cryptographic device. Installation instructions for IBM cryptographic hardware devices can be found in the Administration section of Resources for learning.

Steps for this task

  1. To configure a client to use a cryptographic token, edit the sas.client.props file and set the following properties. Fill in the KeyStore File Name, KeyStore File Password, TrustStore File Name, and TrustStore File Password fields in the Secure Sockets Layer (SSL) configuration. Leave the com.ibm.ssl.tokenType, com.ibm.ssl.tokenLibraryFile, and com.ibm.ssl.tokenPassword fields blank.
  2. Configure your server to use the cryptographic device.
    Fill in the KeyStore File Name, KeyStore File Password, TrustStore File Name, and TrustStore File Password fields in an SSL configuration. To modify an existing configuration, click Security > SSL > alias. You must specify an alias and select the Cryptographic token option. The following directions explain how to configure WebSphere Application Server for a new cryptographic device.
    1. Go to http://<server_hostname>:9090/admin to start the administrative console.
    2. Click Security > SSL to open the SSL Configuration Repertoires panel.
    3. Click New to create a new SSL setting alias if you do not want to use the default.
    4. Specify an alias name in the alias field for the new cryptographic device.
      After you configure the cryptographic device, this alias appears on the Security > SSL panel and in the Authentication protocol > SAS outbound transport list.
    5. Select Cryptographic token and click OK.
    6. Select the appropriate cryptographic device from the SSLSettings menu.

Results

The configuration is enabled to support the specified cryptographic token for the SSL connection.
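
The client settings from step 1 can be checked mechanically before the client is started. The following is an added example, not IBM code and not part of the original page: it parses the text of a sas.client.props file and reports where it departs from step 1 as written above. The keystore and truststore property names, the sample paths, and the sample values are assumptions.

```python
import re

# The four store property names are assumed to be the ones behind the
# field labels in step 1; the token property names are from the page.
REQUIRED = ["com.ibm.ssl.keyStore", "com.ibm.ssl.keyStorePassword",
            "com.ibm.ssl.trustStore", "com.ibm.ssl.trustStorePassword"]
MUST_BE_BLANK = ["com.ibm.ssl.tokenType", "com.ibm.ssl.tokenLibraryFile",
                 "com.ibm.ssl.tokenPassword"]

SAMPLE = r"""
# constructed sample with placeholder paths and values
com.ibm.ssl.keyStore=C\:/example/keys/client.jks
com.ibm.ssl.keyStorePassword=example-password
com.ibm.ssl.trustStore : C\:/example/keys/\
    client-trust.jks
com.ibm.ssl.trustStorePassword=
com.ibm.ssl.tokenType=example-type
com.ibm.ssl.tokenLibraryFile=
com.ibm.ssl.tokenPassword=
"""

def parse_props(text):
    """Parse Java .properties text: comments, '=' / ':' / space separators,
    line continuations, simple backslash escapes (no unicode escapes)."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.lstrip(), ""
        if not line or line[0] in "#!":
            continue
        # An odd number of trailing backslashes continues onto the next line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]
            continue
        m = re.match(r"((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)$", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            props[key] = value.strip()
    return props

def audit_client_props(text):
    """Return findings where the file departs from step 1 as written above."""
    props = parse_props(text)
    findings = [f"{n}: missing or empty, step 1 expects a value"
                for n in REQUIRED if not props.get(n)]
    findings += [f"{n}: set, step 1 leaves this blank"
                 for n in MUST_BE_BLANK if props.get(n)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_client_props(SAMPLE)) or "matches step 1")
```

For the constructed sample, the check reports the empty truststore password and the populated token type.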

Example




Searchable topic ID:   tseccrypto
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_crypto.html