You can associate a secure outbound endpoint with a new Secure
Sockets Layer (SSL) configuration directly. If you are migrating from a release
prior to version 6.1, WebSphere Application Server still supports configurations
that were selected directly at an endpoint. Direct selection always overrides
centrally managed configurations and preserves migrated configurations.
About this task
Select an SSL configuration alias directly at the following endpoints:
- Security > Secure administration, applications, and infrastructure
> RMI/IIOP security > CSIv2 outbound transport
- Security > Secure administration, applications, and infrastructure
> RMI/IIOP security > CSIv2 inbound transport
- System administration > Deployment manager > Transport Chain > WCInboundAdminSecure
> SSL inbound channel (SSL_1)
- System administration > Deployment manager > Administration Services
> JMX connectors > SOAPConnector > Custom Properties > sslConfig
- System administration > Node agents > nodeagent > Administration Services
> JMX connectors > SOAPConnector > Custom Properties > sslConfig
- Servers > Application servers > server1 > Messaging engine inbound
transports > InboundSecureMessaging > SSL inbound channel (SIB_SSL_JFAP)
- Servers > Application servers > server1 > WebSphere MQ link inbound
transports > InboundSecureMQLink > SSL inbound channel (SIB_SSL_MQFAP)
- Servers > Application servers > server1 > SIP Container Settings >
SIP container transport chains > SIPCInboundDefaultSecure > SSL inbound channel
(SSL_5)
- Servers > Application servers > server1 > Web Container Settings >
Web container transport chains > WCInboundAdminSecure > SSL inbound channel
(SSL_1)
- Servers > Application servers > server1 > Web Container Settings >
Web container transport chains > WCInboundDefaultSecure > SSL inbound channel
(SSL_2)
Attention: The central management of SSL configurations can
be a more efficient strategy because multiple configurations can be contained
within a single SSLConfigGroup. If you need to convert configuration references
that are already directly managed to centrally managed configurations, modify
each endpoint individually. Use the
AdminConfig.modify command to set
the
sslConfigAlias value to an empty string (""). Below is
an example of doing this:
For more information on using this command, see
Configuring processes using scriptingFor
more information on specific wsadmin commands that affect a repertoire as
opposed to individual endpoints, see the SSLConfigGroupCommands group for
the AdminTask here, SSLConfigGroupCommands group for the AdminTask object.
Complete
the following steps in the administrative console:
Note: These steps provide
an example to follow when you directly select any of the endpoints listed
above.
Procedure
- Click Security > Secure administration, applications, and infrastructure
> RMI/IIOP security > CSIv2 outbound transport.
- Click Use specific SSL alias. When you identify
a specific SSL alias, you override the centrally managed scope associations.
- Select an SSL configuration alias from the drop-down list.
- Click OK.
- Repeat these steps for additional protocols or endpoints, if desired.
Results
By associating the endpoint directly, you have overridden a centrally
managed SSL configuration.
What to do next
If you decide to use management scopes instead of endpoints to associate
an SSL configuration, follow the steps above, but click Centrally managed instead
of Use specific SSL alias, then click Manage endpoint security configurations.
The console is redirected to Security > SSL certificate and key management
> Manage endpoint security configurations.