Configuring an SSL connection in WebSphere Application Server for centralized key management

To use external key management for your FileNet® P8 system, you configure the SSL connection in the WebSphere Application Server administration console.

Before you begin

This process assumes that you have already configured WebSphere Application Server for use with your Content Platform Engine environment. Review the requirements in Configuring WebSphere for Content Platform Engine to ensure that your application server is set up properly before you continue with these steps.

Procedure

To configure the SSL connection in WebSphere Application Server for external key management:

  1. In the WebSphere Application Server administration console, expand the Security node in the navigation pane, and click SSL certificate and key management.
  2. From the Related items list, click SSL configurations.
  3. In the SSL configurations page, click New to create the SSL configuration.
    Provide the following details:
    • Name: kmipSSLSettings
    • Trust store name: Add the name of the trust store that you just configured, kmipTrustStore.
    • Keystore name: Add the name of the keystore that you just configured, kmipKeyStore.
    • Click Get certificate aliases to fill in the Default client certificate alias, cpeclient.
    • Management scope: Set to the location where the Content Platform Engine server will be deployed.
    Note: For WebSphere Application Server V8.5.5 only, if you plan to upgrade from SKLM 3.0.0 to 3.0.1, you must also upgrade the JDK that is used by WebSphere Application Server. Go to Additional Properties > Quality of Protection (QoP), and update the SSL protocol for the KMIP server to TLSv1.2 or TLSv2.
  4. Apply your changes and save the configuration.
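
One way to check the saved result of this procedure offline, as an added example that is not part of the product documentation: the script reads a copy of the cell's security.xml and confirms that kmipSSLSettings points at kmipKeyStore, kmipTrustStore and cpeclient and uses one of the protocols named in the note. The element and attribute names (repertoire, setting, keyStores, sslProtocol, clientKeyAlias) are assumed from the usual layout of security.xml, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

XMI_ID = "{http://www.omg.org/XMI}id"
# Expected values come from step 3 of the procedure.
EXPECTED = {"keyStore": "kmipKeyStore", "trustStore": "kmipTrustStore"}
CLIENT_ALIAS = "cpeclient"
ALLOWED_PROTOCOLS = ("TLSv1.2", "TLSv2")  # the two values named in the note

def audit_ssl_config(xml_text, alias="kmipSSLSettings"):
    """Return a list of findings; an empty list means the config matches."""
    root = ET.fromstring(xml_text)
    # Map xmi:id -> store name so keyStore/trustStore references resolve.
    stores = {ks.get(XMI_ID): ks.get("name") for ks in root.iter("keyStores")}
    rep = next((r for r in root.iter("repertoire")
                if r.get("alias") == alias), None)
    setting = rep.find("setting") if rep is not None else None
    if setting is None:
        return ["SSL configuration %r not found" % alias]
    findings = []
    for attr, want in EXPECTED.items():
        got = stores.get(setting.get(attr))  # None if the reference dangles
        if got != want:
            findings.append("%s resolves to %r, expected %r" % (attr, got, want))
    if setting.get("clientKeyAlias") != CLIENT_ALIAS:
        findings.append("clientKeyAlias is %r, expected %r"
                        % (setting.get("clientKeyAlias"), CLIENT_ALIAS))
    if setting.get("sslProtocol") not in ALLOWED_PROTOCOLS:
        findings.append("sslProtocol is %r, expected one of %r"
                        % (setting.get("sslProtocol"), ALLOWED_PROTOCOLS))
    return findings

# Constructed sample, trimmed to the attributes the audit reads (assumed layout).
SAMPLE = """<Security xmlns:xmi="http://www.omg.org/XMI">
  <repertoire xmi:id="SSLConfig_10" alias="kmipSSLSettings">
    <setting xmi:id="SecureSocketLayer_10" sslProtocol="%s"
             clientKeyAlias="cpeclient" keyStore="KeyStore_20" trustStore="%s"/>
  </repertoire>
  <keyStores xmi:id="KeyStore_20" name="kmipKeyStore"/>
  <keyStores xmi:id="KeyStore_21" name="kmipTrustStore"/>
</Security>"""

if __name__ == "__main__":
    for proto, trust in (("TLSv1.2", "KeyStore_21"), ("SSL_TLS", "KeyStore_20")):
        print(proto, trust, audit_ssl_config(SAMPLE % (proto, trust)))
```

Run it against a copy of security.xml taken after step 4; a trust store reference that resolves to the keystore, or a protocol left at an older default, shows up as a finding.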