WebSphere® Application Server Network
Deployment profiles must be configured to use the correct SSL protocol for your deployment. If the
SSL protocol is set to the wrong version, the madconfig utility will be unable to communicate with
WebSphere Application Server.
About this task
Your deployment can use any of the following SSL protocol options: SSL_TLS, SSL, SSLv2, SSLv3,
TLS, TLSv1, TLSv1.2, or SSL_TLSv2.
Tip: Avoid using the older versions of SSL or TLS.
Procedure
- Stop the node agent.
- In the node agent WebSphere Application Server profile, edit the file
  <WAS_PROFILE_HOME>/properties/ssl.client.props.
- Set the value of the com.ibm.ssl.protocol variable to one of the following:
  - SSL
  - SSLv2
  - SSLv3
  - SSL_TLS
  - SSL_TLSv2
  - TLS
  - TLSv1
  - TLSv1.2
  For example:
  com.ibm.ssl.protocol=TLSv1.2
- If you set the SSL protocol to be TLSv1.2, there are some extra configuration steps
  required:
- In the node agent WebSphere Application Server profile, edit the file
  <WAS_PROFILE_HOME>/config/cells/<WAS_CELL_NAME>/security.xml.
- Set the value of sslProtocol to be TLSv1.2.
- Start the WebSphere Application Server integrated solutions console (admin console) and
  navigate to .
- On the SSL Configuration screen, enable the TLSv1.2 protocol for the
  CellDefaultSSLSettings, NodeDefaultSSLSettings, and XDADefaultSSLSettings configuration items.
- Select Configuration, then select , then select TLSv1.2 and click OK.
- In the deployment manager WebSphere Application Server profile, edit the file
  <WAS_PROFILE_HOME>/properties/ssl.client.props.
- Set the value of com.ibm.ssl.protocol to be TLSv1.2.
  com.ibm.ssl.protocol=TLSv1.2
- Restart the deployment manager.
- Restart the node agent.
- Configure the application server to enable TLSv1.2:
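
The following Python check is an added example, not part of the product documentation. It reads the com.ibm.ssl.protocol value from each profile's ssl.client.props and every sslProtocol attribute in security.xml, then reports any that differ from the protocol you intend to use. The sample file contents and the XML element names in them are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Values the page lists as valid for com.ibm.ssl.protocol.
LISTED = {"SSL_TLS", "SSL", "SSLv2", "SSLv3", "TLS", "TLSv1", "TLSv1.2", "SSL_TLSv2"}
# Matches an uncommented assignment; lines starting with '#' do not match.
PROP = re.compile(r"^\s*com\.ibm\.ssl\.protocol\s*[=:]\s*(\S+)")

def props_protocols(text):
    """All uncommented com.ibm.ssl.protocol values in ssl.client.props text."""
    return [m.group(1) for m in map(PROP.match, text.splitlines()) if m]

def xml_protocols(text):
    """Every sslProtocol attribute value found anywhere in security.xml text."""
    return [el.get("sslProtocol") for el in ET.fromstring(text).iter()
            if el.get("sslProtocol") is not None]

def audit(props_by_profile, security_xml, expected="TLSv1.2"):
    """Return one finding per setting that disagrees with the expected protocol."""
    findings = []
    sources = {f"{name} ssl.client.props": props_protocols(text)
               for name, text in props_by_profile.items()}
    sources["security.xml"] = xml_protocols(security_xml)
    for source, values in sources.items():
        if not values:
            findings.append(f"{source}: no protocol setting found")
        for value in values:
            if value not in LISTED:
                findings.append(f"{source}: '{value}' is not a listed protocol")
            elif value != expected:
                findings.append(f"{source}: {value}, expected {expected}")
    return findings

# Constructed sample inputs (not taken from a real cell): the deployment
# manager profile and one SSL configuration were left on the old value.
NODE_PROPS = "# node agent profile\ncom.ibm.ssl.protocol=TLSv1.2\n"
DMGR_PROPS = "#com.ibm.ssl.protocol=TLSv1.2\ncom.ibm.ssl.protocol=SSL_TLS\n"
SECURITY_XML = """<security>
  <repertoire alias="CellDefaultSSLSettings"><setting sslProtocol="TLSv1.2"/></repertoire>
  <repertoire alias="NodeDefaultSSLSettings"><setting sslProtocol="SSL_TLS"/></repertoire>
</security>"""

if __name__ == "__main__":
    profiles = {"node agent": NODE_PROPS, "deployment manager": DMGR_PROPS}
    for finding in audit(profiles, SECURITY_XML):
        print(finding)
```

To run it against a real deployment, pass the text read from the files under <WAS_PROFILE_HOME> in place of the sample strings.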