You can configure cryptographic token support in both client and server configurations. To configure a Java client application, use the sas.client.props configuration file. To configure WebSphere Application Server, start the administrative console by specifying the following URL: http://server_hostname:port_number/ibm/console.
Before you begin
By default, the sas.client.props file is located in the profile_root/properties/ directory of your WebSphere Application Server installation.
To understand how to make WebSphere Application Server (both the run time and the key management utility) work correctly with any cryptographic token device, become familiar with the Java Secure Socket Extension (JSSE) documentation available in the http://www.ibm.com/developerworks/java/jdk/security/142/jsse2docs.zip and http://www.ibm.com/developerworks/java/jdk/security/142/ikmuserguide.pdf files.
The WebSphere Application Server runtime uses the IBMPKCS11Impl provider instead of the IBMPKCS11 provider for hardware crypto support. See http://www.ibm.com/developerworks/java/jdk/security/142/pkcs11implDocs.zip for more information. Refer to the "IBM Java PKCS 11 Implementation Provider.htm" document located in this ZIP file.
Steps for this task
Leave the KeyStore File Name, KeyStore File Password, TrustStore File Name, and TrustStore File Password fields in an SSL configuration blank if you want to use only cryptographic tokens as your keystore. You can modify an existing configuration by clicking Security > SSL > alias. You must specify an alias and select the Cryptographic token option. The following directions explain how to configure WebSphere Application Server for a new cryptographic device.
For the Lightweight Directory Access Protocol (LDAP) SSL transport, you can modify the SSL configuration repertoire aliases by clicking Security > Global security. Under User registries, click LDAP.
Result
WebSphere Application Server is configured to take advantage of a cryptographic token device for the cryptographic functions that SSL uses. This configuration can improve system performance over software encryption when SSL is used to protect data that is transferred over the network.
What to do next
If the server configuration has changed, restart the configured server.
Related tasks
Managing digital certificates
Configuring Secure Sockets Layer (SSL)