WebSphere Application Server Network Deployment, Version 6.1
             Operating Systems: z/OS

             Personalize the table of contents and search results
This topic applies only on the z/OS operating system.

Creating a new System SSL repertoire alias

With Secure Sockets Layer (SSL) configuration repertoire, administrators can define any number of SSL settings that can be used to make HyperText Transport Protocol SSL (HTTPS), Internet Inter-ORB Protocol SSL (IIOPS) or Lightweight Directory Access Protocol SSL (LDAPS) connections. You can reuse many of these SSL configurations by simply specifying an alias in multiple places.

Before you begin

You must start the administrative console.

About this task

Using the SSL configuration repertoire, you can pick one of the SSL settings defined here from any location within the administrative console that allows SSL connections. This simplifies the SSL configuration process because you can reuse many of these SSL configurations by simply specifying the alias in multiple places.

Procedure

  1. Click Security > SSL certificate and key management > SSL configuration to open the SSL configuration panel.
  2. To create a new SSL alias, click New.
  3. Type the alias name in the Alias field.
  4. [This information applies to Version 6.0.x and previous servers only that are federated in a Version 6.1 cell.] Specify the SSL Resource Access Control Facility (RACF) key ring in the Key file name field. All repertoires used by the same server (such as HTTPS, CSIV2, z/SAS) must have the same keyring name. If the keyring names are not the same, the HTTPS keyring name is used to initialize the server. If you specify the wrong RACF key ring, the server gets an error message at runtime.
    Important: z/SAS is supported only between Version 6.0.x and previous version servers that have been federated in a Version 6.1 cell.
  5. [This information applies to Version 6.0.x and previous servers only that are federated in a Version 6.1 cell.] Optional: Select the Client authentication option for your authentication protocol. Client authentication occurs if this repertoire is selected for HTTPS. However, the value is ignored if you use using Common Secure Interoperability Version 2 (CSIv2) or z/OS Secure Authentication Services (z/SAS).

    To enable client authentication for CSIv2, click Security > Secure-Administration and Applications. Under Authentication, expand RMI/IIOP, then click CSIv2 inbound authentication. Select the appropriate option for Client certificate authentication.

    To enable client authentication for z/SAS, click Security > Secure-Administration and Applications. Under Authentication, expand RMI/IIOP, then click z/SAS authentication. Select the Client certificate option.

  6. Select High, Medium, or Low from the Security level menu to specify the high, medium, or low set of cipher suites. If you add specific cipher suites on this panel, those cipher suites take precedence over the high, medium, or low specification. If a cipher list is specified, WebSphere Application Server uses the list. If the cipher list is empty, WebSphere Application Server uses the high, medium, low specification. The following list explains these specifications:
    High
    128-bit cipher suites with digital signature
    Medium
    40-bit cipher suites with digital signature
    Low
    No encryption is used, but digital signature is used
  7. Specify the SSL V3 timeout value in the V3 timeout field. This value is the length of time, in seconds, that the system holds session keys. The range is 0-86400 (1 day). The default is 600 seconds.
  8. Select the cipher suites that you want to add from the Cipher suites menu. By default, this is not set, and the cipher suites available are determined by the value of the Security Level (High, Medium, or Low). A cipher suite is a combination of cryptographic algorithms used for an SSL connection.
  9. Click OK when you have made all your selections.



In this information ...


IBM Redbooks, demos, education, and more


Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

IBM Suggests
Task topic    

Terms of Use | Feedback

Last updated: Feb 25, 2009 9:32:38 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/tsec_configrepset.html