WebSphere® Application Server provides dynamic outbound selection that enables you to choose a specific Secure Sockets Layer (SSL) configuration and certificate alias for each outbound protocol, target host, target port, or any combination of these attributes. You can specify the dynamic selection information for outbound connections from a pure client or from a server that is acting as a client.
Before the SSL runtime for WebSphere Application Server starts an outbound connection, the runtime attempts to match the outbound protocol, target host, and target port attributes with the dynamic outbound selection information that is associated with an SSL configuration and certificate alias in the configuration.
The runtime caches both selection misses and selection hits, so the impact on performance can be minimal. However, a relationship exists between the amount of dynamic outbound selection information and its impact on the initial connection performance.
The default dynamic outbound selection configuration specifies that all outbound administrative SOAP connections use the same SSL configuration and certificate alias within the entire cell.
<dynamicSSLConfigSelections xmi:id="DynamicSSLConfigSelection_1" name="AdminSSLOutbound" description="Uses the AdminSSL configuration for all outbound SOAP calls." dynamicSelectionInfo="ADMIN_SOAP,*,*" certificateAlias="default" sslConfig="SSLConfig_2" managementScope="ManagementScope_1"/>The SSL runtime checks the configuration and confirms that certificateAlias="default" and sslConfig="SSLConfig_2" for the ADMIN_SOAP protocol when you enable client certificate authentication.