Operating Systems: i5/OS
Associating a Secure Sockets Layer configuration dynamically with an
outbound protocol and remote secure endpoint
After you create a Secure Sockets Layer (SSL) configuration, you
must associate a secure outbound management scope with the new configuration.
In this release, you can associate one SSL configuration with one remote
secure endpoint and a different SSL configuration with another remote secure
endpoint. Both endpoints can use the same outbound protocol, if appropriate.
This task describes how to create the association dynamically.
Dynamic outbound selection requires that you provide only the outbound
protocol name, the target host, and the target port so that WebSphere Application
Server can make a connection between the SSL configuration and the outbound
protocol or remote secure endpoint. The dynamic outbound selection method
takes precedence over other selection methods, such as central management
and direct selection, but is second to the programmatic method, that is, setting
an SSL configuration on the running thread. For more information about the
selection types and precedence rules, see Secure communications using Secure Sockets Layer.
Overview
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Manage
endpoint security configurations > Outbound.
- Select the management scope that you want to associate with an
SSL configuration on the topology tree.
- Under Related Items, click Dynamic outbound endpoint SSL configurations.
The default dynamic outbound configuration name, the target protocol,
host, and port connection information, and the SSL configuration name display.
- Click New to create a new dynamic outbound configuration.
- Type a dynamic outbound configuration name. Use a name
that is descriptive of the purpose of the dynamic selection configuration.
- Optionally, type a dynamic selection configuration description.
- Type the connection information that you want to associate with
the configuration that is displayed in the SSL configuration drop-down list.
The connection information must be in the format protocol name, target
host, target port. You can substitute an asterisk (*) for any value,
as in the following examples:
  - *,*,443
  - *,www.ibm.com,443
  - HTTP,.austin.ibm.com,*
  where 443 is a port, www.ibm.com is a host, HTTP is a protocol, and .austin.ibm.com
  is a target host. You can add multiple connections, but each additional connection
  can affect outbound performance.
- Click Add to add the new connection to the set of SSL configuration
connections. To remove a connection, select it and click Remove.
- Select an SSL configuration from the list.
- Click Get certificate aliases to refresh the certificate
aliases that are contained in the associated key store.
- Choose a certificate alias from the list.
- Click OK and Save.
Results
WebSphere Application Server is ready to connect one or more SSL configurations
to one or more remote secure endpoints.
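The following Python sketch is an added example, not IBM code: it parses connection information in the protocol name, target host, target port format and reports which dynamic outbound configurations cover a given outbound connection, so that overlapping wildcard entries can be reviewed before saving. The configuration names are hypothetical, and the matching rules (case-insensitive comparison, a leading "." treated as a host suffix) are assumptions; the page does not say which entry is used when several match, so the sketch only reports the overlap.

```python
# Added example: audit "protocol name, target host, target port" entries.
# Assumptions (not stated on the page): fields compare case-insensitively, and a
# host pattern that starts with "." matches any host name ending in that suffix.

def parse_connection_info(entry):
    """Split one entry into (protocol, host, port); raise ValueError if malformed."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected protocol,host,port: %r" % entry)
    protocol, host, port = parts
    if port != "*" and not (port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError("port must be * or 1-65535: %r" % entry)
    return protocol, host, port

def _field_matches(pattern, value):
    """An asterisk stands for any value; otherwise the field must be equal."""
    return pattern == "*" or pattern.lower() == value.lower()

def entry_matches(entry, protocol, host, port):
    """True if the entry covers an outbound connection to protocol/host/port."""
    p_proto, p_host, p_port = parse_connection_info(entry)
    if p_host.startswith("."):
        host_ok = host.lower().endswith(p_host.lower())
    else:
        host_ok = _field_matches(p_host, host)
    return (_field_matches(p_proto, protocol) and host_ok
            and _field_matches(p_port, str(port)))

def covering_entries(selections, protocol, host, port):
    """List (configuration name, matching entries) for one outbound connection."""
    hits = []
    for name, entries in selections.items():
        matched = [e for e in entries if entry_matches(e, protocol, host, port)]
        if matched:
            hits.append((name, matched))
    return sorted(hits)

# Constructed sample: the configuration names are hypothetical; the entries are
# the three examples from the procedure above.
SELECTIONS = {
    "anyHttps": ["*,*,443"],
    "ibmWeb": ["*,www.ibm.com,443"],
    "austinHttp": ["HTTP,.austin.ibm.com,*"],
}

if __name__ == "__main__":
    for conn in [("HTTP", "www.ibm.com", 443), ("HTTP", "build.austin.ibm.com", 9443)]:
        print(conn, covering_entries(SELECTIONS, *conn))
```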
What to do next
You can return to the outbound tree and select another management
scope to associate with the same or a new outbound configuration.
Example: Programmatically specifying an outbound SSL configuration
using JSSEHelper API
Associating Secure Sockets Layer configurations centrally with inbound
and outbound scopes
Selecting an SSL configuration alias directly from an endpoint configuration
Enabling Secure Sockets Layer client authentication for a specific
inbound endpoint
Manage endpoint security configurations
Dynamic inbound and outbound endpoint SSL configurations collection
Dynamic outbound endpoint SSL configuration settings
Related concepts
Secure communications using Secure Sockets Layer
Dynamic outbound selection of Secure Sockets Layer configurations
Central management of Secure Sockets Layer configurations
Secure Sockets Layer configurations
Related Reference
ssl.client.props client configuration file