Determining from XMLConfig output if a transport is using the default Secure Socket Layers (SSL) configuration or the one defined in the transport
 Technote (FAQ)
 
Problem
If you export a WebSphere Application Server configuration and view the results, the application server transport section does not indicate if the "use default SSL" check box was selected. This makes it difficult to determine which SSL configuration is in use by the application server.
 
Solution
When configuring a transport using the administrative console:
  • If you select Use default SSL, the transport picks up the SSL configuration information from the Security Center default SSL configuration.

  • If you do not select Use default SSL, the transport picks up the SSL configuration information from what is defined on the transport panel.

One way to tell if the default SSL configuration is being used is to check the <key-file-name/> tag to see if there is a key-file defined.

To see if a key-file is defined:

  • Search the XMLConfig output file for the SSL transport port number (usually 9443) or the <transport name=> tag if you don't know the port. SSL-enabled transports contain the tag <ssl-enabled>true</ssl-enabled>.

  • If you selected Use default SSL, the transport's XML contains an empty <key-file-name/> tag, with no separate <key-file-name> start tag and no path to the keyfile itself (xxxx.jks).

  • If Use default SSL was NOT selected, the path to the keyfile appears between the complete key-file-name start and end tags.

Example of XMLConfig output when "use default SSL" check box was selected (default SSL configuration in use):


<transport name="http">
  <transport-host>*</transport-host>
  <transport-port>9443</transport-port>
  <http-transport>
    <connection-timeout>5</connection-timeout>
    <backlog-connections>511</backlog-connections>
    <keep-alive-timeout>5</keep-alive-timeout>
    <maximum-keep-alive>25</maximum-keep-alive>
    <maximum-req-keep-alive>100</maximum-req-keep-alive>
    <ssl-enabled>true</ssl-enabled>
    <ssl-config>
      <key-file-name/>  <!-- NOTE: No beginning <key-file-name> tag nor path to *.jks keyfiles, therefore is using default SSL -->
      <key-file-password>{xor}</key-file-password>
      <key-file-format>0</key-file-format>
      <client-authentication>false</client-authentication>
      <security-level>0</security-level>
      <crypto-hardware-enabled>false</crypto-hardware-enabled>
      <crypto-library-file/>
      <crypto-password>{xor}</crypto-password>
      <crypto-token-type/>
      <trust-file-name/>
      <trust-file-password>{xor}</trust-file-password>
    </ssl-config>
  </http-transport>
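
The check described above can be scripted when an export contains many transports. The following is an added example, not IBM code: it applies the key-file-name rule to every <transport> element and also flags the case the technote does not cover (SSL enabled but no key-file-name tag at all). The sample XML, the <sample-export> wrapper, the transport names and the keyfile path are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not real XMLConfig output; <sample-export> is a hypothetical wrapper.
SAMPLE = """<sample-export>
 <transport name="http"><transport-port>9080</transport-port>
  <http-transport><ssl-enabled>false</ssl-enabled></http-transport></transport>
 <transport name="https-a"><transport-port>9443</transport-port>
  <http-transport><ssl-enabled>true</ssl-enabled>
   <ssl-config><key-file-name/></ssl-config></http-transport></transport>
 <transport name="https-b"><transport-port>9444</transport-port>
  <http-transport><ssl-enabled>true</ssl-enabled>
   <ssl-config><key-file-name>/example/keys/sample.jks</key-file-name></ssl-config>
  </http-transport></transport>
</sample-export>"""


def classify_transports(xml_text):
    """Return one (name, port, verdict, key_file) tuple per <transport>."""
    rows = []
    for t in ET.fromstring(xml_text).iter("transport"):
        name = t.get("name")
        port = (t.findtext("transport-port") or "").strip()
        enabled = (t.findtext(".//ssl-enabled") or "").strip().lower()
        if enabled != "true":
            rows.append((name, port, "no-ssl", None))
            continue
        key_el = t.find(".//ssl-config/key-file-name")
        if key_el is None:
            # No tag at all: the technote's rule does not cover this, so flag it.
            rows.append((name, port, "unknown", None))
            continue
        path = (key_el.text or "").strip()
        if path:
            # Keyfile path present: SSL settings come from the transport panel.
            rows.append((name, port, "transport-ssl", path))
        else:
            # Empty <key-file-name/>: default SSL configuration in use.
            rows.append((name, port, "default-ssl", None))
    return rows


if __name__ == "__main__":
    for row in classify_transports(SAMPLE):
        print(row)
```

To run it against a real export, read the file and pass its contents to classify_transports in place of SAMPLE.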

 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): HP-UX
Software version: 4.0
Software edition:
Reference #: 1050385
IBM Group: Software Group
Modified date: Jan 8, 2004