Trust managers settings

This page enables you to view and set definitions for trust manager implementation settings. A trust manager is a class that gets invoked during a Secure Sockets Layer (SSL) handshake to make trust decisions about the remote end point. A default trust manager is used to validate the signature and expiration of the certificate. Custom trust managers can be plugged in to perform an extended certificate and hostname check.

To view this administrative console page, click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration. Under Related items, click Trust managers > New.

Name

Specifies the name of the trust manager.

Data type: Text
Default: ibmX509TrustManager

Management scope

Specifies the scope where this Secure Sockets Layer (SSL) configuration is visible. For example, if you choose a specific node, then the configuration is only visible on that node and any servers that are part of that node.

Data type: List
Range: Applicable scopes

Standard

Specifies that the trust manager selection is available from a Java™ provider that is installed in the java.security file. This provider might be shipped by the Java Secure Sockets Extension (JSSE) or might be a custom provider that implements the javax.net.ssl.X509TrustManager interface.

Default: Enabled

Provider

Specifies the provider name that has an implementation of the javax.net.ssl.X509TrustManager interface. This provider is typically set to IBMJSSE2.

Enabled when Standard is selected.
Default: IBMJCE

Algorithm

Specifies the algorithm name of the trust manager implemented by the selected provider.

Enabled when Standard is selected.
Default: ibmX509 or IbmPKIX
Range: ibmX509, IbmPKIX

Custom

Specifies that the trust manager selection is based on a custom implementation class that implements the javax.net.ssl.X509TrustManager interface and, optionally, the com.ibm.wsspi.ssl.TrustManagerExtendedInfo interface to obtain additional connection information that is not otherwise available.

Default: Disabled

Class name

Specifies a class that implements the javax.net.ssl.X509TrustManager interface. Optionally, the class can implement the com.ibm.wsspi.ssl.TrustManagerExtendedInfo interface to get extended information about the connection. The class can use this information for additional checks, such as verifying the host name.

Enabled when Custom is selected.
Data type: Text
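
The following class is an added example, not code from this page or from the product. It sketches a custom class that implements javax.net.ssl.X509TrustManager, runs the JSSE default validation first, and then applies an extended host name check to the leaf certificate. The class name, the system property example.trust.expectedHost, and the use of the JVM default trust store are assumptions made for illustration; the match is exact and does not handle wildcard names.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example: default chain validation first, then an exact SAN dNSName match. */
public class DelegatingHostCheckTrustManager implements X509TrustManager {
    private static final Integer SAN_DNS_NAME = 2; // GeneralName tag for dNSName (RFC 5280)
    private final X509TrustManager delegate;
    private final String expectedHost;

    public DelegatingHostCheckTrustManager() throws Exception {
        // Hypothetical property name (assumption); if unset, every server is rejected.
        expectedHost = System.getProperty("example.trust.expectedHost", "");
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // assumption: the JVM's default trust store
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        delegate = found;
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType); // signature, expiration, trusted issuer
        Collection<List<?>> sans = chain[0].getSubjectAlternativeNames(); // null if no SAN
        if (sans != null && !expectedHost.isEmpty()) {
            for (List<?> san : sans) { // each entry is [type tag, value]
                if (SAN_DNS_NAME.equals(san.get(0))
                        && expectedHost.equalsIgnoreCase(String.valueOf(san.get(1)))) return;
            }
        }
        throw new CertificateException("no dNSName in leaf matches '" + expectedHost + "'");
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType); // no extra check for client certificates
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

The extended check only ever narrows what the default validation accepts: a missing property, a missing SAN extension, or a non-matching name all end in a CertificateException.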



Related tasks
Creating a Secure Sockets Layer configuration
Related reference
Trust managers collection

Last updated: Oct 20, 2010 11:50:58 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-base-iseries&topic=usec_ssltrustmgrprops
File name: usec_ssltrustmgrprops.html