Configuring SSL settings on WebSphere Application Server

The Secure Sockets Layer (SSL) protocol provides secure communications between remote server processes or endpoints. SSL security can be used for establishing communications inbound to and outbound from an endpoint. To establish secure communications, a certificate and an SSL configuration must be specified for the endpoint. Use this information to define Secure Sockets Layer (SSL) configuration properties.

Before you begin

Make sure to configure the passwordless login as described in Setting SSH passwordless login.

About this task

Configure SSL communication on the Jazz for Service Management portal after you install Network Performance Insight.

You need to configure SSL one time only. If you are reinstalling or upgrading Network Performance Insight and plan to reuse them, back up security.keystore, priv_key.key (the private key), and ca.crt (the public key).

Procedure

  1. Log in to Dashboard Application Services Hub as the administrator user.
  2. Select Console Settings > General > WebSphere Administrative Console in the console navigation.
  3. Click Launch WebSphere administrative console.
  4. Click Security > SSL certificate and key management > SSL configurations > NodeDefaultSSLSettings from the list of Secure Socket Layer (SSL) configurations.
  5. Update the following information:
    Option: Default server certificate alias
    Description: If it is not defined earlier, this setting specifies the certificate alias that is used as the identity for this SSL configuration. For a custom certificate, this setting specifies the certificate alias that is used as the identity to import the certificate.
    Suggested value: netcool. For a custom certificate, specify the value set for Imported certificate alias.

    Option: Default client certificate alias
    Description: Specifies the description for a client certificate alias. For a custom certificate, this setting specifies the certificate alias that is used as the identity to import the certificate.
    Suggested value: netcool. For a custom certificate, specify the value set for Imported certificate alias.

    For the rest of the settings, you can keep the prepopulated default values.

  6. Click OK and save the changes to the master configuration.
    Note: Make sure to convert all your certificates to use SHA256withRSA in WebSphere Application Server.
  7. Verify that the netcool personal certificate is available in SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates.
  8. Optional: If you import your custom certificate, verify that the custom certificate is available in SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates.
  9. Verify that the npi_ca signer certificate is available in SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates.
  10. Restart the WebSphere Application Server.
    ./stopServer.sh server1
    ./startServer.sh server1
  11. Press y in the SSL Signer Prompt window if the signer certificate information is displayed.
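
The checks in steps 6 to 9 can also be scripted from a command line. The following is an added example, not part of the original procedure or of IBM's tooling: it reads the output of the Java keytool -list -v command, reports any certificate that is not signed with SHA256withRSA, and confirms that an expected alias is present. The function names, the sample listing, and the store file names are assumptions; the script relies on the "Alias name:" and "Signature algorithm name:" labels that keytool prints in an English locale.

```shell
#!/bin/sh
# Added example: audit `keytool -list -v` output for the checks in steps 6 to 9.
# Function names are hypothetical; the listing below is constructed sample data.

sample_listing() {
cat <<'EOF'
Alias name: netcool
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=npi.example.test
Signature algorithm name: SHA256withRSA

Alias name: legacy
Entry type: trustedCertEntry
Owner: CN=old.example.test
Signature algorithm name: SHA1withRSA
EOF
}

# Print "alias<TAB>algorithm" for each certificate whose signature algorithm
# differs from $1 (default SHA256withRSA). Exit status 1 if any were found.
weak_sig_aliases() {
    awk -v req="${1:-SHA256withRSA}" '
        /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); alias = $0; next }
        /^Signature algorithm name:/ {
            sub(/^Signature algorithm name:[ \t]*/, "")
            if ($0 != req) { printf "%s\t%s\n", alias, $0; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Succeed only if the alias $1 (for example netcool or npi_ca) is listed.
has_alias() {
    awk -v want="$1" '
        /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); if ($0 == want) found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Real use, run against each store file (file names are placeholders;
# keytool prompts for the store password):
#   keytool -list -v -keystore <keystore-file> | weak_sig_aliases
#   keytool -list -v -keystore <truststore-file> | has_alias npi_ca
```

A nonzero exit status from weak_sig_aliases means at least one certificate still needs to be converted as described in the note under step 6.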