Use the administrative console panel to modify the port and Secure Sockets Layer (SSL) port settings and to specify the SSL settings (the SSL repertoire). The default repertoire is a SystemSSL IIOP repertoire, which is the same as the repertoire used for the server. During daemon initialization, SSL initialization is attempted if security is enabled and a valid repertoire is found. To turn off the daemon SSL port, create a cell-level WebSphere variable (DAEMON_security_disable_daemon_ssl) and set it to true. The default for this variable is false.
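The conditions above can be checked during a configuration review. The following is an added example, not IBM code: it reads a cell-level variable map and reports whether the daemon SSL port should be expected to come up. The XML layout of the sample, the function names, and the two caller-supplied flags (security_enabled, repertoire_valid) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

VAR = "DAEMON_security_disable_daemon_ssl"

# Constructed sample; the <entries symbolicName=... value=...> layout is an
# assumption about the cell-level variables.xml, not taken from the page.
SAMPLE_CELL_VARIABLES = """<variables:VariableMap xmi:version="2.0"
    xmlns:xmi="http://www.omg.org/XMI"
    xmlns:variables="http://www.ibm.com/websphere/appserver/schemas/5.0/variables.xmi"
    xmi:id="VariableMap_1">
  <entries xmi:id="VariableSubstitutionEntry_1"
           symbolicName="DAEMON_security_disable_daemon_ssl" value="true"/>
</variables:VariableMap>
"""


def read_variables(xml_text):
    """Return {symbolicName: value} for every variable entry in the map."""
    root = ET.fromstring(xml_text)
    return {e.get("symbolicName"): (e.get("value") or "")
            for e in root.iter("entries")}


def daemon_ssl_status(xml_text, security_enabled, repertoire_valid):
    """Return (ssl_expected, reasons) following the rules stated above."""
    raw = read_variables(xml_text).get(VAR)
    value = "false" if raw is None else raw.strip()  # default is false
    reasons = []
    if value not in ("true", "false"):
        # Assumption: only the literal values true/false are meaningful,
        # so anything else is flagged for review instead of being guessed at.
        reasons.append("%s has unexpected value %r; review it" % (VAR, raw))
    if value == "true":
        reasons.append("%s=true turns off the daemon SSL port" % VAR)
    if not security_enabled:
        reasons.append("security is not enabled, SSL initialization is not attempted")
    if not repertoire_valid:
        reasons.append("no valid SSL repertoire was found")
    return (not reasons, reasons)


if __name__ == "__main__":
    ok, why = daemon_ssl_status(SAMPLE_CELL_VARIABLES, True, True)
    print("daemon SSL expected:", ok)
    for line in why:
        print(" -", line)
```
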
SSL can be used to protect locations in the SSL daemon using the Location Service Daemon if:
On the administrative console, click System Administration > z/OS Location Service.
Location service daemon

This panel specifies the configuration settings for the location service daemon for this cell. Changes made to these settings apply to the entire cell and to the location service daemon instance on each node in the cell.

Job Name: BBODMNC
Specifies the z/OS jobname of the location service daemon.

Host Name: BOSSXXXX.PLEX1.L2.IBM.COM
Specifies the host name to be used when contacting the location service daemon.

Port: 5755
Specifies the port that the location service daemon listens on for unencrypted communication.

SSL Port: 5756
Specifies the port that the location service daemon listens on for encrypted communication.

SSL Setting: PLEX1Manager/DefaultIIOPSSL
Specifies a list of predefined SSL settings to choose from for connections. These are configured at the SSL repertoire panel.
You can use the customization dialog to specify authentication information, including the daemon's user ID, UID, and SSL port. This panel is located under Server Customization. RACF commands are generated to create a keyring for server use (the default is WASKeyring).
A separate keyring is not created for the daemon.
The customization dialog generates the daemon keyring and the certificate. To generate the daemon keyring and certificate from the customization dialog, select Security Domain > SSL Customization > Enable SSL on the Location Service Daemon. If you type Y next to this option, the RACF commands are generated to do the following tasks:
Note: This option does not control the use of the daemon SSL.
If the daemon process is assigned the same MVS user ID assigned to a secure WebSphere Application Server, the keyring you use to secure WebSphere Application Server can also be used to secure daemon requests. If the daemon process is not assigned the same MVS user ID assigned to a secure WebSphere Application Server, it is recommended that you perform the daemon SSL setup similarly to the setup for your WebSphere Application Server. Modify the customization job commands generated in BBOCBRAK (or HLQ.DATA(BBODBRAK) on WebSphere Application Server Network Deployment) to perform the steps in Setting up a Keyring for use by WebSphere Application Server for z/OS.