ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/sec/seccsslr.htm

55 lines
3.8 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Use SSL configuration repertoires</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h5><a name="seccsslr"></a>Use SSL configuration repertoires</h5>
<p>An SSL repertoire contains the details necessary for building an SSL connection, such as the location of the key files, their type and the available ciphers. WebSphere Application Server - Express provides a default repertoire called DefaultSSLSettings. To view this page in the administrative console, click <strong>Security</strong> --&gt; <strong>SSL</strong> to see the list of SSL repertoire settings.</p>
<p><strong>Note:</strong> It is not recommended to use the default repertoire in a production environment. For more information, see <a href="seccsktf.htm">Change the default SSL keystore and truststore files</a>.</p>
<p>The appropriate repertoire is referenced during the configuration of a service that sends and receives requests encrypted using SSL, such as the Web container. Before deleting SSL configurations from the repertoire, remember that if an SSL configuration alias is referenced somewhere, and it is deleted here, an SSL connection fails if the deleted alias is accessed.</p>
<p>The SSL configuration repertoire allows administrators to define any number of SSL settings which can be used to make HTTPS, IIOPS, or LDAPS connections. You can pick one of the SSL settings defined here from any location within the administrative console which allows SSL connections. This simplifies the SSL configuration process since you can reuse many of these SSL configurations by simply specifying the alias in multiple places.</p>
<p>To create an SSL repertoire, perform these steps in the WebSphere administrative console:</p>
<ol>
<li>In the navigation menu, expand <strong>Security</strong> and then click <strong>SSL</strong>.</li>
<li>From the SSL Configuration Repertoire window, click <strong>New</strong>. Type an Alias by which the configuration is known. Click <strong>OK</strong>.</li>
<li>Select the new SSL configuration repertoire by clicking the link.</li>
<li>Now click <strong>Secure Sockets Layer (SSL)</strong> under in Additional Properties. The new configuration details can be entered in the window that appears.</li>
<li>Type the location of the key file name.</li>
<li>Type the password for the key file.</li>
<li>Repeat the above two steps for the trust file.</li>
<li>If Client Authentication is supported by this configuration, then select <strong>Client Authentication</strong>. This only affects HTTP and LDAP requests.</li>
<li>The appropriate security level must be set. Valid values are as follows:
<ul>
<li><strong>Low</strong>
<br>Specifies only digital signing ciphers (no encryption).</li>
<li><strong>Medium</strong>
<br>Specifies only 40-bit ciphers (including digital signing).</li>
<li><strong>High</strong>
<br>specifies only 128-bit ciphers (including digital signing).</li>
</ul></li>
<li>If the preset security level does not define the required cipher, it can be manually added to the cipher suite option.</li>
<li>Note that hardware or software cryptographic support is not available on the iSeries system. The <strong>Cryptographic Token</strong> setting is not applicable to iSeries.</li>
<li>Select <strong>IBMJSSE</strong> as the JSSE provider.</li>
<li>Select an SSL protocol version.</li>
<li>Click <strong>OK</strong> to apply the changes.</li>
<li>If there are no errors, save the changes to the master configuration and restart WebSphere Application Server - Express.</li>
</ol>
</body>
</html>