Configure outbound transports
Overview
Outbound transports refers to the transport used to connect to a downstream server. When you configure the outbound transport, consider the transports that the downstream servers support. If you are considering Secure Sockets Layer (SSL), also consider including the signers of the downstream servers in this server truststore file for the handshake to succeed. When you select an SSL configuration, that configuration points to keystore and truststore files that contain the necessary signers. If you configured client certificate authentication for this server in the Security > Authentication Protocols > CSIv2 Outbound Authentication panel, then the downstream servers contain the signer certificate belonging to the server personal certificate.
Overview
Complete the following steps to configure the Outbound Transport panels.- Select the type of transport and the SSL settings by clicking Security > Authentication
Protocol > CSIv2 Outbound Transport panel. By selecting the type
of transport, you are choosing the transport to use when connecting to downstream
servers. The downstream servers support the transport that you choose. If
you choose SSL-Supported, the transport used is negotiated during the
connection. If both the client and server support SSL, always choose SSL-Supported unless
the request is considered a special request that does not require SSL, such
as if an object request broker (ORB) is a request.
- Pick the SSL settings that correspond to an SSL transport. Click Security > SSL. This panel includes the SSL configuration
of keystore files, truststore files, file formats, security levels, ciphers,
cryptographic token selections, and so on. Verify that the truststore file in the selected SSL configuration contains
the signers for any downstream servers. Also, verify that the downstream servers
contain the server signer certificates when outbound client certificate authentication
is used.
- Select the SSL settings used for outbound requests to downstream Secure Authentication Service (SAS) servers. Click Security > Authentication Protocol > SAS Outbound. Remember that the SAS protocol allows interoperability with previous releases. When configuring the keystore and truststore files in the SSL configuration, these files have the correct information for interoperating with previous releases of WebSphere Application Server. For example, a previous release has a different personal certificate than the V5 release. If you use the keystore file from the V5.0 release, add the signer to the truststore file of the previous release. Also, extract the signer for the V5.0 release and import that signer into the truststore file of the previous release.
Results
The outbound transport configuration is complete.
Example
What to do next
When you finish configuring security, perform the following steps to save, synchronize, and restart the servers.
- Click Save in the administrative console to save any modifications
to the configuration.
- Synchronize the configuration with all node agents.
- Stop and restart all servers, after synchronization.
Common secure interoperability transport outbound settings
Secure Authentication Service transport outbound settings