Creating a custom key manager

You can create a custom key manager configuration at any management scope and associate the new key manager with a Secure Sockets Layer (SSL) configuration.

Before you begin

You must develop and package a Java Archive (.JAR) file for a custom key manager and place it in the was.install.root/lib/ext directory on WebSphere Application Server. For more information, see Example: Developing a custom key manager for custom Secure Sockets Layer key selection.

About this task

Complete the following steps in the administrative console:

Procedure

  1. Decide whether you want to create the custom key manager at the cell scope or at a scope below the cell, such as the node, server, or cluster.
    Important: When you create a custom key manager at a level below the cell scope, you can associate it only with a Secure Sockets Layer (SSL) configuration at the same scope or higher. An SSL configuration at a scope lower than the key manager does not see the key manager configuration.
    • To create a custom key manager at the cell scope, click Security > SSL certificate and key management > Key managers. Every SSL configuration in the cell can select the key manager at the cell scope.
    • To create a custom key manager at a scope below the cell level, click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > SSL_configuration > Key managers.
  2. Click New to create a new key manager.
  3. Type a unique key manager name.
  4. Select the Custom implementation setting. With the custom setting, you can define a Java class that implements the Java interface javax.net.ssl.X509KeyManager and, optionally, the com.ibm.wsspi.ssl.KeyManagerExtendedInfo WebSphere Application Server interface. The standard implementation setting applies only when the key manager is already defined in the Java security provider list as a provider and an algorithm, which is not the case for a custom key manager. The typical standard key manager is algorithm = IbmX509, provider = IBMJSSE2.
  5. Type a class name. For example, com.ibm.test.CustomKeyManager.
  6. Select one of the following actions:
    • Click Apply, then click Custom properties under Additional Properties to add custom properties to the new custom key manager. When you are finished adding custom properties, click OK and Save, then go to the next step.
    • Click OK and Save, then go to the next step.
  7. Click SSL certificate and key management in the page navigation at the top of the panel.
  8. Select one of the following actions:
    • Click SSL configurations under Related Items for a cell-scoped SSL configuration.
    • Click Manage endpoint security configurations to select an SSL configuration at a lower scope.
  9. Click the link for the existing SSL configuration that you want to associate with the new custom key manager. You can create a new SSL configuration instead of associating the custom key manager with an existing configuration. For more information, see Creating a Secure Sockets Layer configuration.
  10. Click Trust and Key managers under Additional Properties.
  11. Select the new custom key manager in the Key manager drop-down list. If the new custom key manager is not listed, verify that you selected an SSL configuration scope that is at the same level or below the scope that you selected in Step 8.
  12. Click OK and Save.
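
A class of the kind that step 4 describes, as an added example that is not IBM's code or part of the original topic: it implements javax.net.ssl.X509KeyManager, pins the server certificate to one alias, and returns null instead of falling back to another key when that alias is missing. The constructor, the delegate key manager, and the alias are assumptions for illustration; how WebSphere Application Server instantiates the class and supplies the keystore is not shown.

```java
package com.ibm.test; // class name from step 5; everything else here is assumed

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.X509KeyManager;

// Pins the server identity to a single keystore alias and delegates key lookup.
public class CustomKeyManager implements X509KeyManager {
    private final X509KeyManager delegate; // assumed: a key manager backed by the real keystore
    private final String serverAlias;      // hypothetical alias to pin

    public CustomKeyManager(X509KeyManager delegate, String serverAlias) {
        this.delegate = delegate;
        this.serverAlias = serverAlias;
    }

    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        // Offer the pinned alias only if the keystore holds it for this key type.
        // Returning null gives JSSE no key for this type instead of a different one.
        String[] candidates = delegate.getServerAliases(keyType, issuers);
        boolean present = candidates != null && Arrays.asList(candidates).contains(serverAlias);
        return present ? serverAlias : null;
    }

    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        // Advertise only the pinned alias so callers cannot enumerate other keys.
        String chosen = chooseServerAlias(keyType, issuers, null);
        return chosen == null ? null : new String[] { chosen };
    }

    // Client-side selection and key material lookups are delegated unchanged.
    @Override
    public String chooseClientAlias(String[] kt, Principal[] iss, Socket s) { return delegate.chooseClientAlias(kt, iss, s); }
    @Override
    public String[] getClientAliases(String kt, Principal[] iss) { return delegate.getClientAliases(kt, iss); }
    @Override
    public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override
    public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
}
```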

Results

You have created a custom key manager configuration that references a JAR file in the installation directory of WebSphere Application Server and associates the custom configuration with an SSL configuration during the connection handshake.

What to do next

You can create a custom key manager for a pure client. For more information, see keyManagerCommands command group for the AdminTask object.




Last updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=tsec_sslcreatecuskeymgr
File name: tsec_sslcreatecuskeymgr.html