Configuring to use cryptographic tokens
You can configure cryptographic token support in both client and server configurations.
To configure a Java client application, use the sas.client.props configuration file. By default, the sas.client.props file is located in the properties directory under the <install_root> of your WebSphere Application Server installation.
To configure a WebSphere Application Server, use the administrative console. To start the administrative console, specify the URL http://<server_hostname>:9090/admin.
Before you begin
Follow the documentation that accompanies your device to install
your cryptographic device. Installation instructions for IBM cryptographic
hardware devices can be found in the Administration section of Resources for learning.
Steps for this task
- To configure a client to use a cryptographic token, edit the sas.client.props file and set the following properties. Fill in the KeyStore File Name, KeyStore File Password, TrustStore File Name, and TrustStore File Password fields in the Secure Sockets Layer (SSL) configuration. Leave the com.ibm.ssl.tokenType, com.ibm.ssl.tokenLibraryFile, and com.ibm.ssl.tokenPassword fields blank.
- Configure your server to use the cryptographic device.
Fill in the KeyStore File Name, KeyStore File Password, TrustStore File Name, and TrustStore File Password fields in an SSL configuration. You can modify an existing configuration if you click Security > SSL > alias. You must specify an alias and select the Cryptographic token option.
The following directions explain how to configure WebSphere Application Server for a new cryptographic device.
  - Specify http://server_hostname:9090/admin to start the administrative console.
  - Click Security > SSL to open the SSL Configuration Repertoires panel.
  - Click New to create a new SSL setting alias if you do not want to use the default.
  - Specify an alias name in the alias field for the new cryptographic device. After you configure the cryptographic device, this alias appears on the Security > SSL panel and in the Authentication protocol > SAS outbound transport list.
  - Select Cryptographic token and click OK.
  - Select the appropriate cryptographic device from the SSLSettings menu.
Results
The configuration is enabled to support the specified cryptographic
token for the SSL connection.
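As an added example (not IBM's code), the following Python check audits the text of a sas.client.props file against the client step above: the four keystore and truststore fields filled in and the three com.ibm.ssl.token* properties blank. The com.ibm.ssl.keyStore, com.ibm.ssl.keyStorePassword, com.ibm.ssl.trustStore and com.ibm.ssl.trustStorePassword key names are assumed to be the properties behind the fields the step names, and the sample file content is constructed.

```python
# Assumption: these four keys back the fields named in the client step.
REQUIRED = {
    "com.ibm.ssl.keyStore": "KeyStore File Name",
    "com.ibm.ssl.keyStorePassword": "KeyStore File Password",
    "com.ibm.ssl.trustStore": "TrustStore File Name",
    "com.ibm.ssl.trustStorePassword": "TrustStore File Password",
}
MUST_BE_BLANK = (
    "com.ibm.ssl.tokenType",
    "com.ibm.ssl.tokenLibraryFile",
    "com.ibm.ssl.tokenPassword",
)

def parse_props(text):
    """Parse key=value lines; skip blanks and '#'/'!' comments; last value wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings; an empty list means the file matches the step."""
    props = parse_props(text)
    findings = []
    for key, field in REQUIRED.items():
        if not props.get(key):
            findings.append(f"{field} ({key}) is missing or empty")
    for key in MUST_BE_BLANK:
        if props.get(key):
            # Never echo the value: tokenPassword is a secret.
            findings.append(f"{key} is set but the step leaves it blank")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
com.ibm.ssl.keyStore=/opt/example/etc/ClientKeyFile.jks
com.ibm.ssl.keyStorePassword=placeholder-password
com.ibm.ssl.trustStore=/opt/example/etc/ClientTrustFile.jks
com.ibm.ssl.trustStorePassword=
com.ibm.ssl.tokenType=PKCS#11
com.ibm.ssl.tokenLibraryFile=
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "sas.client.props matches the client step")
```

Findings name the property but never print its value, so the output can be pasted into a ticket without leaking a keystore or token password.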
Searchable topic ID:
tseccrypto
Last updated: Jun 21, 2007 9:56:50 PM CDT
WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_crypto.html