Changing the default Secure Sockets Layer repertoire key files

Use this topic to change the default Secure Sockets Layer repertoire key files.

About this task

[AIX HP-UX Linux Solaris Windows] The default Secure Sockets Layer (SSL) repertoire is used to securely communicate between internal Java processes when you enable global security. If you change the key files that are used by the deployment manager default SSL repertoire, you must change the default SSL key files of the federated nodes to the same key files that are used by the deployment manager default SSL repertoire. After changing the default SSL key files that are used by the deployment manager, but before federating a new node with global security enabled, you must change the default SSL key files of the unfederated node to match the key files that are used by the deployment manager. Without this change, the deployment manager fails to connect to the unfederated node when the deployment manager attempts to federate it. Complete the following instructions to configure the deployment manager and the nodes to use the new key file:

[z/OS] If you modify the default digital certificates in the key rings that belong to the node agent and the deployment managers or application servers, you must verify that the public certificate of the new certificate authority is added as a trust certificate in the key rings of all servers with which it needs to communicate. This action includes modifying the certificates so that they are issued from a different certificate authority (for example, if you use a commercial certificate authority).

[z/OS] Within a given cell:
  • The deployment manager and node agents must communicate
  • Node agents must communicate with all servers within the node

[z/OS] If you modify the repertoire definitions, you must update the:
  • System SSL repertoire that is used by HTTP
  • System SSL repertoire that is used for Internet InterORB Protocol (IIOP) communications
  • Java Secure Socket Extension (JSSE) repertoire that is used for the Simple Object Access Protocol (SOAP) and Java Management Extensions (JMX) connector, if applicable

Procedure [AIX HP-UX Linux Solaris Windows]

  1. Click Security > SSL > node_SSL_settings.
  2. Modify the value of the Key File Name and Key File Password fields to access the new key file.
  3. Select the format from the Key File Format options that matches the format used by the new key file.
  4. Modify the value of the Trust File Name and Trust File Password fields to access the new trust file.
  5. Select the format from the Trust File Format options that matches the format that is used by the new trust file.
  6. Click Apply to apply the changes.
  7. If error messages do not display at the top of the window, click Save to save the changes to the master configuration.
    Important: Do not restart the deployment manager before completing the previous steps for the default SSL repertoire settings on the federated node or nodes. If you restart the deployment manager before you change the default SSL key files for the federated nodes, the deployment manager cannot communicate with the federated nodes with global security enabled. To fix this problem, revert the deployment manager default SSL key files back to the original key and trust files and restart the deployment manager.

What to do next [AIX HP-UX Linux Solaris Windows]

Repeat the steps for the SSL settings on each federated node. If a federated node is on a separate machine, copy the key and trust files onto that machine. After repeating the steps for each federated node, restart the deployment manager and all of the federated nodes.
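
Before the final restart, it is worth confirming that every federated node really holds the same key and trust files as the deployment manager, because a stale or missing copy produces the communication failure described above. The following check is an added example, not part of the product or its documentation; it assumes the files are readable from the machine that runs it, and the directory layout, file names and contents in `demo()` are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

ROLES = ("key", "trust")  # the two files each SSL repertoire references


def digest(path):
    """Return the SHA-256 hex digest of a file, or None if it is absent."""
    p = Path(path)
    if not p.is_file():
        return None
    return hashlib.sha256(p.read_bytes()).hexdigest()


def find_mismatches(dmgr, nodes):
    """dmgr: {role: path}; nodes: {node_name: {role: path}}.
    Returns sorted (node, role, reason) tuples for every node file that
    is missing or differs from the deployment manager's copy."""
    reference = {}
    for role in ROLES:
        reference[role] = digest(dmgr[role])
        if reference[role] is None:
            raise FileNotFoundError(f"deployment manager {role} file missing")
    problems = []
    for node, files in nodes.items():
        for role in ROLES:
            got = digest(files[role]) if role in files else None
            if got is None:
                problems.append((node, role, "missing"))
            elif got != reference[role]:
                problems.append((node, role, "differs"))
    return sorted(problems)


def demo():
    """Constructed layout: nodeA matches the deployment manager; nodeB has
    a stale key file and no trust file. Names and contents are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in (("dmgr/key", b"new-key"), ("dmgr/trust", b"new-trust"),
                          ("nodeA/key", b"new-key"), ("nodeA/trust", b"new-trust"),
                          ("nodeB/key", b"old-key")):
            (root / rel).parent.mkdir(exist_ok=True)
            (root / rel).write_bytes(data)
        paths = {n: {r: root / n / r for r in ROLES} for n in ("dmgr", "nodeA", "nodeB")}
        return find_mismatches(paths.pop("dmgr"), paths)

if __name__ == "__main__":
    print(demo())
```

An empty result means every node's files are byte-identical to the deployment manager's; any tuple returned names a node to fix before restarting.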




Last updated: Aug 29, 2010 9:31:45 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-mp&topic=tsec_defsslrepkey
File name: tsec_defsslrepkey.html