After you create a Secure Sockets Layer (SSL) configuration,
you must associate a secure outbound management scope with the new
configuration. In this release, you can associate one SSL configuration
with one remote secure endpoint and a different SSL configuration
with another remote secure endpoint. Both endpoints can use the same
outbound protocol, if appropriate. This task describes how to create
the association dynamically.
Before you begin
Dynamic outbound selection requires that you provide only
the outbound protocol name, the target host, and the target port so
that WebSphere® Application Server can make a
connection between the SSL configuration and the outbound protocol
or remote secure endpoint. The dynamic outbound selection method takes
precedence over other selection methods, such as central management
and direct selection, but is second to the programmatic method, that
is, setting an SSL configuration on the running thread. For more information
about the selection types and precedence rules, see
Secure communications using Secure Sockets Layer (SSL).
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management >
Manage endpoint security configurations > Outbound.
- Select the management scope that you want to associate
with an SSL configuration on the topology tree.
- Under Related Items, click Dynamic outbound endpoint
SSL configurations. The default dynamic outbound configuration
name, the target protocol, host, and port connection information,
and the SSL configuration name display.
- Click New to create a new dynamic outbound configuration.
- Type a dynamic outbound configuration name. Use
a name that is descriptive of the purpose of the dynamic selection
configuration.
- Optionally, type a dynamic selection configuration description.
- Type the connection information that you want to associate
with the configuration that is displayed in the SSL configuration
drop-down list. The connection information must be in
the format protocol name, target host, target port.
You can substitute an asterisk (*) for any value, as in the following
examples:
- *,*,443
- *,www.ibm.com,443
- HTTP,.austin.ibm.com,*
- *,*,* This specification is not recommended because
it matches all outbound specifications and, as such, no other SSL
configuration will be used for outbound connections.
where 443 is a port, www.ibm.com is a host, HTTP is a
protocol, and .austin.ibm.com is a target host. You can add multiple
connections, but each additional connection can affect outbound performance.
Avoid trouble: When the outbound connection
is being made from customer-written applications, parts of the connection
information might not be known. Some of these applications make API
calls to a protocol to make the connection. Fill in an asterisk (*)
for the missing part of the connection information. See "Dynamic Selection"
in Secure communications using Secure Sockets Layer (SSL) for
more information.
- Click Add to add the new connection to the set of
SSL configuration connections. To remove a connection,
select it and click Remove.
- Select an SSL configuration from the list.
- Click Get certificate aliases to refresh the certificate
aliases that are contained in the associated key store.
- Choose a certificate alias from the list.
- Click OK and Save.
Results
WebSphere Application Server is ready to
connect one or more SSL configurations to one or more remote secure
endpoints.
What to do next
You can return to the outbound tree and select another management
scope to associate with the same or a new outbound configuration.
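
The connection information format from the procedure (protocol name, target host, target port, with an asterisk allowed for any value) can be checked before it is typed into the console. The following is an added example, not part of the product or its documentation: it parses entries, flags the catch-all `*,*,*` entry, malformed entries, and duplicates, and tests whether an entry applies to a given connection. The function names, the sample list, the host name `app1.austin.ibm.com`, and the matching rules for case and for hosts that begin with a dot are assumptions.

```python
# Added example: lint entries of the form "protocol,host,port".
SAMPLE = [  # constructed input: the page's examples plus two bad entries
    "*,*,443", "*,www.ibm.com,443", "HTTP,.austin.ibm.com,*",
    "*,*,*", "HTTP,www.ibm.com", "*,www.ibm.com,443",
]

def parse_entry(entry):
    """Split an entry into (protocol, host, port); ValueError if malformed."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) != 3 or "" in parts:
        raise ValueError("expected protocol,host,port")
    protocol, host, port = parts
    if port != "*" and not (port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError("port must be * or 1-65535")
    return protocol, host, port

def covers(entry, protocol, host, port):
    """True if entry would apply to a connection (protocol, host, port).

    Assumption (not stated on the page): values compare case-insensitively
    and a host beginning with '.' matches any host name with that suffix.
    """
    e_proto, e_host, e_port = (v.lower() for v in parse_entry(entry))
    host = host.lower()
    return ((e_proto == "*" or e_proto == protocol.lower())
            and (e_host == "*" or e_host == host
                 or (e_host.startswith(".") and host.endswith(e_host)))
            and (e_port == "*" or int(e_port) == int(port)))

def lint(entries):
    """Return (entry, finding) pairs for entries that need attention."""
    findings, seen = [], set()
    for entry in entries:
        try:
            parsed = parse_entry(entry)
        except ValueError as exc:
            findings.append((entry, "malformed: %s" % exc))
            continue
        if parsed == ("*", "*", "*"):
            findings.append((entry, "catch-all: no other SSL configuration "
                                    "will be used for outbound connections"))
        if parsed in seen:
            findings.append((entry, "duplicate entry"))
        seen.add(parsed)
    return findings

if __name__ == "__main__":
    for entry, finding in lint(SAMPLE):
        print("%-22s %s" % (entry, finding))
    print(covers("HTTP,.austin.ibm.com,*", "http", "app1.austin.ibm.com", 9443))
```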