![[AIX Solaris HP-UX Linux Windows]](../images/dist.gif)
![[z/OS]](../images/ngzos.gif)
Preparing for security at installation time
Complete the following tasks to implement security before, during, and after installing WebSphere® Application Server.
Procedure
Secure your environment before installation. This step describes how to perform WebSphere Application Server installation with proper authority on different platforms. For more information, refer to Securing your environment before installation.
Prepare the operating system for installation of WebSphere Application Server. This step describes how to prepare the different operating systems for installation of WebSphere Application Server. For more information, see "Preparing the operating system for product installation" .
Install WebSphere Application Server. This step describes how to install WebSphere Application Server on the z/OS® platform. For more information, see "Installing the product and additional software" .
- Migrate security configurations from previous releases
during installation, when you are prompted to do so. This
step describes how to migrate security configurations from a previous
release of WebSphere Application Server to WebSphere Application Server 9.0 版.
For more information, see "Migrating product configurations" in the InfoCenter.
- Optional:
You can create a profile during install time. If you elect to do so, administrative security is enabled for that profile by default. A panel is displayed during profile creation time and enabling administrative security is selected by default. If you elect to keep this as the default, you must supply an administrative user ID and password. This user ID is created in a federated repository, which is the default user registry when enabling administrative security at profile creation time.
- If you go into the advanced profile creation, a panel is available for changing the default settings for your certificate, a root certificate (used to sign your personal certificate) and a personal certificate (used to sign/encrypt data over the network). Ensure that the root certificate has a long lifetime and the personal certificate a shorter one. Import your own personal certificate and or root certificate. If your personal certificate is signed by the certificate authority (CA), it is not important to change your root certificate. You should also change the default keystore password to something more secure.
- Optional:
During customization of a stand-alone application server or WebSphere Application Server, Network Deployment cell, you can enable administrative security by using either a z/OS security product or WebSphere Application Server to manage users, groups, and the security policy.
- Secure your environment after installation. This step provides information on how to protect password information after you install WebSphere Application Server. For more information, see Securing your environment after installation.
For information about enabling security after customization is complete, see Enabling security.
次主題
Securing your environment before installation
The following instructions explain how to perform a product installation with proper authority.Securing your environment after installation
WebSphere Application Server depends on several configuration files that are created during installation. These files contain password information and need protection. Although the files are protected to a limited degree during installation, this basic level of protection is probably not sufficient for your site. You should verify that these files are protected in compliance with the policies of your site.WebSphere Application Server security for z/OS
WebSphere Application Server for z/OS supports access to resources by clients and servers in a distributed environment. Determine how to control access to these resources and prevent inadvertent or malicious destruction of the system or data.Defining Secure Sockets Layer security for servers
Complete these steps for RACF® to authorize the server to use digital certificates. SSL uses digital certificates and public and private keys.Creating Secure Sockets Layer digital certificates and System Authorization Facility keyrings that applications can use to initiate HTTPS requests
You can create Secure Sockets Layer (SSL) digital certificates and System Authorization Facility (SAF) keyrings that applications can use to initiate HTTPS requests.Creating a new System SSL repertoire alias
With Secure Sockets Layer (SSL) configuration repertoire, administrators can define any number of SSL settings that can be used to make HyperText Transport Protocol SSL (HTTPS), Internet Inter-ORB Protocol SSL (IIOPS) or Lightweight Directory Access Protocol SSL (LDAPS) connections. You can reuse many of these SSL configurations by simply specifying an alias in multiple places.Creating a new Java Secure Socket Extension repertoire alias
The following steps describe how to generate a new Java™ Secure Socket Extension (JSSE) repertoire alias. Using the JSSE repertoire, you can pick one of the JSSE repertoire settings defined here from any location within the administrative console.Setting up SSL connections for Java clients
Follow these steps to configure SSL for use between Java clients running on a workstation and the WebSphere Application Server for z/OS Java Platform, Enterprise Edition (Java EE) server.
Related reference:


http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tsec_install
檔名:tsec_install.html