Selecting an SSL configuration alias directly from an endpoint configuration

Operating Systems: i5/OS
Personalize the table of contents and search results

Selecting an SSL configuration alias directly from an endpoint configuration

You can associate a secure outbound endpoint with a new Secure Sockets Layer (SSL) configuration directly. If you are migrating from a release prior to version 6.1, WebSphere Application Server still supports configurations that were selected directly at an endpoint. Direct selection always overrides centrally managed configurations and preserves migrated configurations.

Overview

Select an SSL configuration alias directly at the following endpoints:

Security > Secure administration, applications, and infrastructure > RMI/IIOP security > CSIv2 outbound transport
Security > Secure administration, applications, and infrastructure > RMI/IIOP security > CSIv2 inbound transport
System administration > Deployment manager > Transport Chain > WCInboundAdminSecure > SSL inbound channel (SSL_1)
System administration > Deployment manager > Administration Services > JMX connectors > SOAPConnector > Custom Properties > sslConfig
System administration > Node agents > nodeagent > Administration Services > JMX connectors > SOAPConnector > Custom Properties > sslConfig
Servers > Application servers > server1 > Messaging engine inbound transports > InboundSecureMessaging > SSL inbound channel (SIB_SSL_JFAP)
Servers > Application servers > server1 > WebSphere MQ link inbound transports > InboundSecureMQLink > SSL inbound channel (SIB_SSL_MQFAP)
Servers > Application servers > server1 > SIP Container Settings > SIP container transport chains > SIPCInboundDefaultSecure > SSL inbound channel (SSL_5)
Servers > Application servers > server1 > Web Container Settings > Web container transport chains > WCInboundAdminSecure > SSL inbound channel (SSL_1)
Servers > Application servers > server1 > Web Container Settings > Web container transport chains > WCInboundDefaultSecure > SSL inbound channel (SSL_2)

Attention: Keep in mind that central management of SSL configurations can be a more efficient strategy because multiple configurations can be contained within a single SSLConfigGroup. If you need to convert configuration references that are already directly managed to centrally managed configurations, modify each endpoint individually. For more information on specific wsadmin commands, see SSLConfigGroupCommands group for the AdminTask object. Complete the following steps in the administrative console:

Note: These steps provide an example to follow when you directly select any of the endpoints listed above.

Procedure

Click Security > Secure administration, applications, and infrastructure > RMI/IIOP security > CSIv2 outbound transport.
Click Use specific SSL alias. When you identify a specific SSL alias, you override the centrally managed scope associations.
Select an SSL configuration alias from the drop-down list.
Click OK.
Repeat these steps for additional protocols or endpoints, if desired.

Results

By associating the endpoint directly, you have overridden a centrally managed SSL configuration.

What to do next

If you decide to use management scopes instead of endpoints to associate an SSL configuration, follow the steps above, but click Centrally managed instead of Use specific SSL alias, then click Manage endpoint security configurations. The console is redirected to Security > SSL certificate and key management > Manage endpoint security configurations.

}
Dynamic outbound selection of Secure Sockets Layer configurations
Central management of Secure Sockets Layer configurations
Secure Sockets Layer configurations