WebSphere Application Server Version 6.1.x Feature Pack for Web Services
Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

Secure transport considerations

Secure Sockets Layer (SSL) provides security when communicating with messaging engines. There are a number of important considerations that apply to configuring secure transport, such as the inbound chains that allow two messaging engines to communicate using SSL.

Some additional steps might be required to establish SSL-based or HTTPS-based connections between messaging engines, or between messaging engines and JMS applications running in a client container. These steps are necessary because, for an SSL connection to be established successfully, the party that is initiating the connection and the party that is waiting for the connection to be made must both supply a compatible set of credentials.

When you are configuring the client container to bootstrap using an SSL-based transport chain, you might need to specify additional SSL properties in the sib.client.ssl.properties properties file. This file is located in the profile_root/properties directory of the application server installation, where profile_root is the directory in which profile-specific information is stored. The properties in this file are used for all client container bootstrapping activities over both SSL and HTTPS-based bootstrap chains.

You can override or augment properties specified in the sib.client.ssl.properties file by specifying system properties of the same name to the application client. Do this by specifying a -CCD command line option naming the property and its new value. For more information about command line syntax, see launchClient tool.
Note: Some of the properties in the sib.client.ssl.properties file duplicate those in the sas.client.props file. Overriding these properties using command line options affects both sets of properties.

When you are configuring SSL-based connections between two messaging engines, both the messaging engines must have inbound chains with matching names. These inbound chains must be configured with compatible sets of SSL credentials. The compatibility must be true for both intra-bus messaging engine connections and for connections between messaging engines that are in different buses.

A particular inbound transport chain must have no affinity with a messaging engine. Any enabled inbound transport chain can contact any messaging engine that is active on a server, and by default an application server is created with unsecured inbound transport chains. You might therefore have to disable or delete these unsecured chains to restrict access to secure chains only.
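
The two requirements above (an enabled SSL inbound chain with the same name on both messaging engines' servers, and no enabled unsecured chains left over) can be checked mechanically. The following is an added example, not IBM code: it audits a constructed inventory whose field names (name, enabled, ssl) and server names are assumptions, and it compares chain names only, not whether the SSL credentials behind them are compatible.

```python
from collections import namedtuple

# Hypothetical record for one inbound transport chain on a server.
Chain = namedtuple("Chain", "name enabled ssl")

# Constructed sample inventory (not a WebSphere export format).
INVENTORY = {
    "server1": [Chain("InboundBasicMessaging", True, False),
                Chain("InboundSecureMessaging", True, True)],
    "server2": [Chain("InboundBasicMessaging", False, False),
                Chain("SecureME", True, True)],
}


def unsecured_enabled(inventory):
    """Return sorted (server, chain name) pairs for enabled chains without SSL."""
    return sorted((server, chain.name)
                  for server, chains in inventory.items()
                  for chain in chains
                  if chain.enabled and not chain.ssl)


def shared_secure_chains(inventory, server_a, server_b):
    """Return names of enabled SSL chains that exist on both servers."""
    def secure_names(server):
        return {c.name for c in inventory[server] if c.enabled and c.ssl}
    return sorted(secure_names(server_a) & secure_names(server_b))


def audit(inventory, links):
    """Check every server for unsecured chains and every link for a name match.

    links is a list of (server_a, server_b) pairs whose messaging engines
    are expected to connect to each other over SSL.
    """
    findings = []
    for server, name in unsecured_enabled(inventory):
        findings.append(f"{server}: chain {name} is enabled without SSL; "
                        "disable or delete it")
    for a, b in links:
        if not shared_secure_chains(inventory, a, b):
            findings.append(f"{a}<->{b}: no enabled SSL inbound chain "
                            "with a matching name")
    return findings


if __name__ == "__main__":
    for line in audit(INVENTORY, [("server1", "server2")]):
        print(line)
```
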

Related tasks
Protecting data transmitted between linked buses



Last updated: 27 November 2008
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.pmc.wsfep.multiplatform.doc/concepts/cjk3000_.html

Copyright IBM Corporation 2004, 2008. All Rights Reserved.