When configuring a transport using the administrative
console:
- If you select Use default SSL, the transport picks
up the SSL configuration information from the Security Center default SSL
configuration.
- If you do not select Use default SSL, the transport
picks up the SSL configuration information from what is defined on the
transport panel.
One way to tell if the default SSL configuration is being used is to
check the <key-file-name/> tag to see if there is a key-file
defined.
To see if a key-file is defined:
- Search the XMLConfig output file for the SSL transport
port number (usually 9443) or the <transport name=> tag if you don't
know the port. SSL enabled transports contain the tag
<ssl-enabled>true</ssl-enabled>.
- If you selected Use default SSL, the transport's
XML contains an empty <key-file-name/> tag, with no corresponding
<key-file-name> start tag and no path to the keyfile itself
(xxxx.jks).
- If Use default SSL was NOT selected, the path to
the keyfile appears between the complete key-file-name start and end tags.
Example of XMLConfig output when the Use default SSL check box was
selected (default SSL configuration in use):
<transport name="http">
  <transport-host>*</transport-host>
  <transport-port>9443</transport-port>
  <http-transport>
    <connection-timeout>5</connection-timeout>
    <backlog-connections>511</backlog-connections>
    <keep-alive-timeout>5</keep-alive-timeout>
    <maximum-keep-alive>25</maximum-keep-alive>
    <maximum-req-keep-alive>100</maximum-req-keep-alive>
    <ssl-enabled>true</ssl-enabled>
    <ssl-config>
      <!-- NOTE: no beginning <key-file-name> tag and no path to *.jks
           keyfiles, therefore the default SSL configuration is in use -->
      <key-file-name/>
      <key-file-password>{xor}</key-file-password>
      <key-file-format>0</key-file-format>
      <client-authentication>false</client-authentication>
      <security-level>0</security-level>
      <crypto-hardware-enabled>false</crypto-hardware-enabled>
      <crypto-library-file/>
      <crypto-password>{xor}</crypto-password>
      <crypto-token-type/>
      <trust-file-name/>
      <trust-file-password>{xor}</trust-file-password>
    </ssl-config>
  </http-transport>
</transport>
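The key-file check described above can be scripted when an export contains many transports. The following is an added example, not part of the original document or the product: it lists each SSL-enabled transport and reports whether its key-file-name is empty (default SSL configuration) or holds a path (transport panel settings). The <export> wrapper element, the extra transports and the .jks path in the sample are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the XMLConfig output shown above; the <export>
# wrapper, the http-custom/http-plain transports and the .jks path are assumptions.
SAMPLE = """<export>
  <transport name="http">
    <transport-port>9443</transport-port>
    <http-transport>
      <ssl-enabled>true</ssl-enabled>
      <ssl-config>
        <key-file-name/>
      </ssl-config>
    </http-transport>
  </transport>
  <transport name="http-custom">
    <transport-port>9444</transport-port>
    <http-transport>
      <ssl-enabled>true</ssl-enabled>
      <ssl-config>
        <key-file-name>/constructed/path/example.jks</key-file-name>
      </ssl-config>
    </http-transport>
  </transport>
  <transport name="http-plain">
    <transport-port>9080</transport-port>
    <http-transport>
      <ssl-enabled>false</ssl-enabled>
    </http-transport>
  </transport>
</export>"""


def classify_ssl_transports(xml_text):
    """Map (name, port) of each SSL transport to its key-file path, or None for default SSL."""
    result = {}
    for t in ET.fromstring(xml_text).iter("transport"):
        if (t.findtext(".//ssl-enabled") or "").strip().lower() != "true":
            continue  # transport is not SSL-enabled, nothing to classify
        key_file = (t.findtext(".//ssl-config/key-file-name") or "").strip()
        port = (t.findtext("transport-port") or "").strip()
        result[(t.get("name"), port)] = key_file or None  # empty tag -> default SSL
    return result


if __name__ == "__main__":
    for (name, port), key_file in classify_ssl_transports(SAMPLE).items():
        source = f"transport panel ({key_file})" if key_file else "default SSL configuration"
        print(f"{name}:{port} -> {source}")
```

An XMLConfig export that has more than one top-level element must be wrapped in a single root before parsing.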