You can configure cryptographic token support in both client and server configurations. To configure a Java client application, use the sas.client.props configuration file. By default, the sas.client.props file is located in the install_root/profiles/profile_name/properties/ directory of your WebSphere Application Server installation. To configure WebSphere Application Server, start the administrative console by specifying the following URL: http://server_hostname:9060/ibm/console.
Before you begin
To understand how to make WebSphere Application Server (both the run time and the key management utility) work correctly with any cryptographic token device, become familiar with the Java Secure Socket Extension (JSSE) documentation available in the http://www.ibm.com/developerworks/java/jdk/security/142/jsse2docs.zip and http://www.ibm.com/developerworks/java/jdk/security/142/ikmuserguide.pdf files.
The WebSphere Application Server runtime uses the IBMPKCS11Impl provider instead of the IBMPKCS11 provider for hardware crypto support. See http://www.ibm.com/developerworks/java/jdk/security/142/pkcs11implDocs.zip for more information. Refer to the "IBM Java PKCS 11 Implementation Provider.htm" document located in this zip file.
Steps for this task
If you want to use only cryptographic tokens as your keystore, leave the KeyStore File Name, KeyStore File Password, TrustStore File Name, and TrustStore File Password fields in an SSL configuration blank. You can modify an existing configuration by clicking Security > SSL > alias. You must specify an alias and select the Cryptographic token option. The following directions explain how to configure WebSphere Application Server for a new cryptographic device.
For the Simple Object Access Protocol (SOAP) Java Management Extensions (JMX) administrative transports, you can modify the SSL configuration repertoire aliases by clicking Servers > Application servers > server_name. Under Server infrastructure, click Administration > Administration services. Under Additional properties, click JMX connectors > SOAPConnector. Under Additional properties, click Custom properties. If you want to point the sslConfig property to a new alias, click sslConfig and select an alias in the Value field.
For the Lightweight Directory Access Protocol (LDAP) SSL transport, you can modify the SSL configuration repertoire aliases by clicking Security > Global security. Under User registries, click LDAP.
Result
WebSphere Application Server is configured to take advantage of a cryptographic token device for the cryptographic functions used by SSL. This can improve system performance over software encryption when SSL is used to protect data that is transferred over the network.
What to do next
If the server configuration has changed, restart the configured server.