Steps to create a new Java Secure Socket Extension repertoire alias

Why and when to perform this task

The following steps describe how to generate a new Java Secure Socket Extension (JSSE) repertoire alias. Using the JSSE repertoire, you can pick one of the JSSE repertoire settings defined here from any location within the administrative console. This simplifies the JSSE repertoire configuration process because you can reuse many of these JSSE configurations by simply specifying the alias in multiple places.

Steps for this task

  1. Click Security > SSL on the left-hand navigation tree to open the SSL Configuration Repertoires panel.
  2. To create a new JSSE repertoire, click New JSSE Repertoire near the top of the panel. The JSSE Repertoire panel appears.
  3. Enter the alias name in the Alias field.
  4. Specify the name of the key file in the Key File Name field.
    Specify the fully qualified path to the Secure Sockets Layer (SSL) key file that contains public keys and private keys. Type safkeyring:/// if you are using a RACF key ring for the key file.
  5. Specify the password needed to access the key file in the Key File Password field.
    Type password if you are using a RACF key ring for the key store.
  6. Select the format of the key file from the Key File format menu.
  7. (Optional)   Select the Client Authentication option.
    This option enables client authentication to occur if this repertoire is selected for HTTPS. However, the value is ignored if you use using CSIv2 or z/SAS.

    To enable client authentication for CSIv2, click Security > Authentication Protocol > CSIv2 Inbound Authentication. Select the appropriate option for Client Certificate Authentication.

    To enable client authentication for z/SAS, click Security > Authentication Protocol > zSAS Transport. Select the Client Certificate option.

  8. Select High, Medium, or Low from the Security Level menu to specify the high, medium, or low set of cipher suites.
    If you add specific cipher suites on this panel, those cipher suites take precedence over the high, medium, or low specification. If a cipher list is specified, WebSphere Application Server uses the list. If the cipher list is empty, WebSphere Application Server uses the high, medium, low specification. The following list is an explanation of the high, medium, and low specifications:
    High
    128-bit cipher suites with digital signature.
    Medium
    40-bit cipher suites with digital signature.
    Low
    No encryption is used, but digital signature is used.
  9. Select the cipher suites that you want to add from the Cipher Suites menu.
    By default, this is not set. The set of cipher suites available is determined by the value of the Security Level (High, Medium, or Low). A cipher suite is a combination of cryptographic algorithms used for an SSL connection.
  10. Select the Cryptographic Token option if hardware or software cryptographic support is available.
  11. Indicate which JSSE provider that you are using by selecting either Predefined JSSE provider or Custom JSSE provider in the Provider field.
    WebSphere Application Server comes with the IBMJSSE provider predefined.

    If you are not using the IBMJSSE provider, configure a custom provider by selecting Custom JSSE provider. Under additional properties, click Custom Properties > New. After specifying the custom provider, return to the JSSE repertoire panel.

  12. Select an SSL or TLS protocol version.

    Note: The protocol chosen for the server must match the protocol chosen for the client. Also, in order for two servers to interoperate, they must use the same protocol.

  13. Click OK when you have made all your selections.

Related concepts
SSL repertoires
Related tasks
Setting up Secure Sockets Layer security for WebSphere Application Server for z/OS
Using Java Secure Socket Extension and Java Cryptography Extension with Servlets and enterprise bean files



Searchable topic ID:   tsecconfigjsserep
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_configjsserep.html

Library | Support | Terms of Use | Feedback