You can create a custom trust manager configuration at any management scope and associate the new trust manager with a Secure Sockets Layer (SSL) configuration.
About this task
Complete the following steps in the administrative console:
Procedure
- Decide whether you want to create the custom trust manager at the cell scope or below the cell scope at the node, server, or cluster, for example.
  Important: When you create a custom trust manager at a level below the cell scope, you can associate it only with a Secure Sockets Layer (SSL) configuration at the same scope or higher. An SSL configuration at a scope lower than the trust manager does not see the trust manager configuration.
- To create a custom trust manager at the cell scope, click Security > SSL certificate and key management > Trust managers. Every SSL configuration in the cell can select the trust manager at the cell scope.
- To create a custom trust manager at a scope below the cell level, click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} > ssl_configuration > Trust managers.
- Click New to create a new custom trust manager.
- Type a unique trust manager name.
- Select the Custom implementation setting. The custom setting enables you to define a Java class with an implementation of the javax.net.ssl.X509TrustManager Java interface and, optionally, the com.ibm.wsspi.ssl.TrustManagerExtendedInfo WebSphere Application Server interface.
  Note: The standard implementation setting applies only when the trust manager is already defined in the Java security provider list as a provider and an algorithm, which is not the case for a custom trust manager.
- Type a class name, for example, com.ibm.test.CustomTrustManager.
- Select one of the following actions:
  - Click Apply, then click Custom properties under Additional Properties to add custom properties to the new custom trust manager. When you are finished adding custom properties, click OK and Save, then go to the next step.
  - Click OK and Save, then go to the next step.
- Click SSL certificate and key management in the page navigation at the top of the panel.
- Select one of the following actions:
  - Click SSL configurations under Related Items for a cell-scoped SSL configuration.
  - Click Manage endpoint security configurations to select an SSL configuration at a lower scope.
- Click the link for the existing SSL configuration that you want to associate with the new custom trust manager. You can create a new SSL configuration instead of associating the custom trust manager with an existing configuration. For more information, see Creating a Secure Sockets Layer configuration.
- Click Trust and Key managers under Additional Properties. If the new custom trust manager is not listed in the Additional ordered trust managers list, verify that you selected an SSL configuration scope that is at the same level or below the scope that you selected in Step 8.
- Click Add. This action adds the new trust manager to the list of custom trust managers.
- Click OK and Save.
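The class named in the procedure must implement javax.net.ssl.X509TrustManager. The following is an added example, not IBM's code, of what such a class might look like under the example name com.ibm.test.CustomTrustManager: it only adds restrictions (validity period and a minimum RSA key size, a hypothetical policy) and assumes that chain validation against the trust store is still done by the standard trust manager in the same SSL configuration.

```java
package com.ibm.test;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.net.ssl.X509TrustManager;

// Added example. Assumption: the standard trust manager in the same SSL
// configuration still validates the chain against the trust store. This class
// only rejects certificates; it never grants trust on its own.
public class CustomTrustManager implements X509TrustManager {
    private static final int MIN_RSA_BITS = 2048; // hypothetical policy value

    // Public no-argument constructor so the class can be loaded by name.
    public CustomTrustManager() { }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        enforcePolicy(chain);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        enforcePolicy(chain);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // contributes no trust anchors of its own
    }

    private void enforcePolicy(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("Peer presented no certificate chain");
        }
        for (X509Certificate cert : chain) {
            cert.checkValidity(); // throws if expired or not yet valid
            if (cert.getPublicKey() instanceof RSAPublicKey) {
                int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
                if (bits < MIN_RSA_BITS) {
                    throw new CertificateException("RSA key too small (" + bits
                            + " bits): " + cert.getSubjectX500Principal().getName());
                }
            }
        }
    }
}
```

Both check methods signal rejection by throwing CertificateException; a method that returns normally tells the handshake that this trust manager has no objection, so an empty method body would accept every peer certificate.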
Results
You have created a custom trust manager configuration that references a JAR file in the install directory of WebSphere Application Server and associates it with an SSL configuration during the connection handshake.
What to do next
You can create a custom trust manager for a pure client. For more information, see the TrustManagerCommands command group for the AdminTask object topic.