Configuring
SSL is different between the client and server with WebSphere Application
Server.
Procedure
Configure the client (JSSE). Use
the sas.client.props file that is located, by default, in the profile_root/properties directory.
The sas.client.props file is a configuration file that contains lists
of property-value pairs, using the property = value syntax. The property
names are case sensitive, but the values are not; the values are converted
to lowercase when the file is read. Specify the following properties for an
SSL connection:
com.ibm.ssl.protocol
com.ibm.ssl.keyStoreType
com.ibm.ssl.keyStore
com.ibm.ssl.keyStorePassword
com.ibm.ssl.trustStoreType
com.ibm.ssl.trustStore
com.ibm.ssl.trustStorePassword
com.ibm.ssl.enabledCipherSuites
com.ibm.ssl.contextProvider
com.ibm.ssl.keyStoreServerAlias
com.ibm.ssl.keyStoreClientAlias
For the Secure Authentication Services
(SAS) authentication protocol only: com.ibm.CORBA.standardPerformQOPModels
For the cryptographic token device:
com.ibm.ssl.tokenType
com.ibm.ssl.tokenLibraryFile
com.ibm.ssl.tokenPassword
com.ibm.ssl.tokenSlot (added as a custom property)
Configure the server. Use the administrative console
to configure an application server that makes SSL connections. To start the
administrative console, specify the following Web address: http://server_hostname:port_number/ibm/console.
Refer to Defining Secure Sockets Layer connections
. You can select the alias later when a component
is configured for SSL support. An SSL configuration repertoire entry contains
the following fields:
Typical configuration settings:
Alias
Key file name
Key file password
Key file format
Trust file name
Trust file password
Trust file format
Client authentication
Security level
Cipher suites
For the cryptographic token device:
Cryptographic token (Create the alias first so you can configure these
fields).
Token type
Library file
Password
For additional Java properties:
Custom properties (Create the alias first so you can configure these fields).
com.ibm.ssl.contextProvider
com.ibm.ssl.protocol
com.ibm.ssl.tokenSlot (for crypto slot)
com.ibm.ssl.keyStoreClientAlias (alias selection
for client authentication to servers)
com.ibm.ssl.keyStoreServerAlias (alias selection
for server authentication to clients)
Note: WebSphere
Application Server contains IBM Developer Kit for Java Technology Edition
Version 1.4.2 , which includes changes from IBM Developer Kit for Java Technology
Edition Version 1.3.
Last updated: Mar 8, 2007 8:14:28 PM CST http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_ssl.html