If you are porting a JSSE application from another platform, or require the Java JSSE interfaces to certificate storage using Java keystore files, or require access to miscellaneous SSL implementation classes such as com.ibm.net.ssl.SSLContext, use the configuration steps below to use Java JSSE. Also, you may use Java keystore files for applications that use the java.net.URL class to provide a direct connection to the Web server through HTTPS protocol. For more information, see Configure SSL for java.net.URL HTTPS protocol.
Configure the client Java keystore
This step may be omitted if you already have a client Java keystore file populated with the required personal and signer certificates.
To configure the client Java keystore, create an SSL key file that is used for both trust validation and key storage. Peform these steps:
Start the iKeyman utility on your workstation. For more information, see The iKeyman utility.
Click Signer Certificates and select Personal Certificates.
Enter serverAppsCA for the label and click OK.
Click Key Database File.
Select Exit.
Configure the server Java keystore
This step may be omitted if you already have a server Java keystore file populated with the required personal and signer certificates.
To configure the server Java keystore, create an SSL key file used for both trust validation and key storage. Perform these steps:
Start iKeyman on your workstation. For more information, see The iKeyman utility.
Enter clientAppsCA for the label and click OK.
Click Key Database File.
Select Exit.
Example client JSSE application code
Note that your application code cannot use SocketFactory socketFactory = SSLSocketFactory.getDefault() to obtain the SocketFactory unless os400.jdk13.jst.factories=true is specified as either a command line Java virtual machine system property or a security property in the java.security file.
For fully supported use of Java keystore files, two other properties which can only be specified in the java.security file must also be set as follows:
ssl.SocketFactory.provider=com.ibm.jsse.JSSESocketFactory ssl.ServerSocketFactory.provider=com.ibm.jsse.JSSEServerSocketFactory
The default java.security file in the properties directory provided for each user instance sets the three properties as follows:
os400.jdk13.jst.factories=true ssl.SocketFactory.provider=com.ibm.jsse.JSSESocketFactory ssl.ServerSocketFactory.provider=com.ibm.jsse.JSSEServerSocketFactory
See Example: JSSE client servlet. The client keystore must be placed in the working directory of WebSphere Application Server - Express.
Example server JSSE application code
Your application code cannot use ServerSocketFactory serverSocketFactory = SSLServerSocketFactory.getDefault() to obtain the ServerSocketFactory unless os400.jdk13.jst.factories=true is specified as either a command line Java virtual machine system property or a security property in the java.security file.
For fully supported use of Java keystore files, two other properties which can only be specified in the java.security file must also be set as follows:
ssl.SocketFactory.provider=com.ibm.jsse.JSSESocketFactory ssl.ServerSocketFactory.provider=com.ibm.jsse.JSSEServerSocketFactory
The default java.security file in the properties directory provided for each user instance sets the three properties as follows:
os400.jdk13.jst.factories=true ssl.SocketFactory.provider=com.ibm.jsse.JSSESocketFactory ssl.ServerSocketFactory.provider=com.ibm.jsse.JSSEServerSocketFactory
See Example: JSSE server servlet. The server keystore must be placed in the working directory of the WebSphere Application Server - Express.