You can associate a secure outbound
endpoint with a new
Secure Sockets Layer (SSL) configuration directly. If you are migrating
from a release prior to version 6.1, WebSphere® Application
Server still supports configurations that were selected directly at
an endpoint. Direct selection always overrides centrally managed configurations
and preserves migrated configurations.
About this task
Select an SSL configuration alias directly at the
following
endpoints:
- Security > Global security > RMI/IIOP security >
CSIv2
outbound transport
- Security > Global security >
RMI/IIOP security > CSIv2
inbound transport
- System administration > Deployment
manager > Transport
Chain > WCInboundAdminSecure > SSL inbound channel (SSL_1)
- System administration > Deployment manager > Administration
Services > JMX connectors > SOAPConnector > Custom Properties >
sslConfig
- System administration > Node agents >
nodeagent >
Administration Services > JMX connectors > SOAPConnector >
Custom Properties > sslConfig
- Servers > Application
servers > server1 > Messaging
engine inbound transports > InboundSecureMessaging > SSL inbound
channel (SIB_SSL_JFAP)
- Servers > Application servers >
server1 > WebSphere MQ link inbound transports >
InboundSecureMQLink > SSL inbound channel (SIB_SSL_MQFAP)
- Servers > Application servers > server1 > SIP Container
Settings > SIP container transport chains > SIPCInboundDefaultSecure >
SSL inbound channel (SSL_5)
- Servers > Application
servers > server1 > Web Container
Settings > Web container transport chains > WCInboundAdminSecure >
SSL inbound channel (SSL_1)
- Servers > Application
servers > server1 > Web Container
Settings > Web container transport chains > WCInboundDefaultSecure >
SSL inbound channel (SSL_2)
Attention: The
central management of SSL configurations
can be a more efficient strategy because multiple configurations can
be contained within a single SSLConfigGroup. If you need to convert
configuration references that are already directly managed to centrally
managed configurations, modify each endpoint individually. Use the
AdminConfig.modify command
to set the
sslConfigAlias value to an empty string
(""). Below is an example of doing this:
For more information on using this command, see the information
about configuring processes using scripting.
For more
information on specific wsadmin commands that affect a repertoire
as opposed to individual endpoints, see the SSLConfigGroupCommands
group for the AdminTask topic.
Complete the following
steps in the administrative console:
Note: These steps provide an example
to follow when you directly select any of the endpoints listed above.
Procedure
- Click Security > Global security > RMI/IIOP
security >
CSIv2 outbound transport.
- Click Use
specific SSL alias. When you
identify a specific SSL alias, you override the centrally managed
scope associations.
- Select an SSL configuration
alias from the drop-down list.
- Click OK.
- Repeat these steps for additional protocols or endpoints,
if desired.
Results
By associating the endpoint
directly, you have overridden
a centrally managed SSL configuration.
What to do next
If you
decide to use management scopes instead of endpoints
to associate an SSL configuration, follow the steps above, but click Centrally
managed instead of Use specific SSL alias, then click Manage
endpoint security configurations. The console is redirected to Security >
SSL certificate and key management > Manage endpoint security configurations.