Configuring Secure Sockets Layer for Java client authentication
WebSphere Application Server supports Java client authentication
using a digital certificate when the client attempts to make a Secure Sockets
Layer (SSL) connection. The authentication occurs during an SSL handshake.
The SSL handshake is a series of messages exchanged over the SSL protocol
to negotiate connection-specific protection. During the handshake, the
secure server requests that the client send back a certificate or certificate
chain for authentication.
Before you begin
To configure SSL for Java client authentication, consider the following
questions:
- Have you enabled security with your WebSphere Application Server? Refer
to Configuring global security for more details.
- Have you configured z/OS Secure Authentication Services
(z/SAS) or Common Secure Interoperability (CSI) authentication protocol for
your target application server? Refer to Configuring global security for more details.
- Have you configured your server to support secure
transport for the inbound z/SAS or CSI authentication protocol?
- Have you configured your server to support client
authentication at the transport layer for the inbound z/SAS or CSI authentication
protocol?
- If you are using a self-signed personal certificate,
have you exported the public certificate from the Service Access Facility
(SAF)?
- If you are using a certificate authority (CA)-signed personal certificate,
have you received the root certificate of the CA?
- If you are using a self-signed personal certificate,
have you imported the public certificate into SAF as a signer certificate?
- If you are using a CA-signed personal certificate,
have you imported the CA root certificate into your target Java trust store
file as a signer certificate?
- Does the common name (CN) specified in your personal
certificate name exist in your configured user registry or is there a SAF
mapping for the certificate?
If you answer yes to all of these questions, you can configure SSL for
Java client authentication.
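The certificate questions in the checklist above can be checked on the client side before a connection attempt. The following is an added example, not part of the IBM documentation or of WebSphere: it lists each entry in a Java key store or trust store file as a personal or signer certificate, with its CN, issuer, whether it is self-signed and whether it is inside its validity period. The class name, the KEYSTORE_PASSWORD variable and the use of Java 7 or later are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example. Usage: java ClientCertPreflight <storeFile> <storeType>
// KEYSTORE_PASSWORD is a variable name chosen for this example, not a WebSphere setting.
public class ClientCertPreflight {
    // CN of the subject: the value that must exist in the user registry or have a mapping.
    static String commonName(X509Certificate cert) throws Exception {
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) return String.valueOf(rdn.getValue());
        }
        return null;
    }
    // Self-signed: the signature verifies with the certificate's own key and subject equals issuer.
    static boolean isSelfSigned(X509Certificate cert) {
        try {
            cert.verify(cert.getPublicKey());
            return cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        } catch (Exception e) {
            return false;
        }
    }
    static boolean inValidityPeriod(X509Certificate cert) {
        try { cert.checkValidity(); return true; } catch (Exception e) { return false; }
    }
    public static void main(String[] args) throws Exception {
        String password = System.getenv("KEYSTORE_PASSWORD");
        if (args.length != 2 || password == null) {
            System.err.println("usage: KEYSTORE_PASSWORD=... java ClientCertPreflight <storeFile> <storeType>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password.toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            // A key entry holds a personal certificate; a certificate-only entry is a signer.
            System.out.printf("%s: %s CN=%s selfSigned=%b inValidityPeriod=%b issuer=%s%n", alias,
                ks.isKeyEntry(alias) ? "personal" : "signer", commonName(cert), isSelfSigned(cert),
                inValidityPeriod(cert), cert.getIssuerX500Principal().getName());
        }
    }
}
```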
Why and when to perform this task
What to do next
If a connection problem occurs, you can set a Java property, javax.net.debug=true,
before you run your client or your server to generate debugging information.
See Troubleshooting security configurations for further information about how
to debug an IBM JSSE problem.

Searchable topic ID:
tsecssljava
Last updated: Jun 21, 2007 9:56:50 PM CDT
WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_ssljava.html