WebSEAL stores client-side certificates and CA root certificates,
used for SSL communication with the distributed session cache, in
a key database file.
About this task
The purpose of each certificate is as follows:
- The CA root certificate is used to validate the server certificate
returned by the distributed session cache.
- The client-side certificate is used by WebSEAL to communicate
with the distributed session cache server.
Procedure
- To specify the key database file, use the ssl-keyfile stanza
  entry in the [dsess-cluster] stanza of the WebSEAL
  configuration file. For example:

      [dsess-cluster]
      ssl-keyfile = key-file-name

  Unless Verify Identity Access SSL
  certificates are being used for communication between WebSEAL and
  the distributed session cache, use a separate key file from the other
  WebSEAL key files as the value for ssl-keyfile.
- To specify the key database stash file (containing password
  information for access to the database file), use the ssl-keyfile-stash stanza
  entry in the [dsess-cluster] stanza of the WebSEAL
  configuration file. For example:

      [dsess-cluster]
      ssl-keyfile-stash = key-file-name
- To specify the label name for the client-side certificate,
  use the ssl-keyfile-label stanza entry in the [dsess-cluster] stanza
  of the WebSEAL configuration file. For example:

      [dsess-cluster]
      ssl-keyfile-label = label-name
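The following audit script is an added example, not part of the product documentation. It checks that the three [dsess-cluster] entries from the procedure are set and flags an ssl-keyfile value that is also used by a key file entry in another stanza. The sample configuration, its file names, and the [ssl] entry in it are constructed for illustration.

```python
import re

# Constructed sample configuration; entries outside [dsess-cluster] and all
# file names are assumptions made for this example.
SAMPLE_CONF = """\
[ssl]
webseal-cert-keyfile = pdsrv.kdb

[dsess-cluster]
ssl-keyfile = pdsrv.kdb
ssl-keyfile-stash = dsc.sth
# ssl-keyfile-label = dsc-client
"""

REQUIRED = ("ssl-keyfile", "ssl-keyfile-stash", "ssl-keyfile-label")

def parse_stanzas(text):
    """Return {stanza: [(key, value), ...]}; repeated keys are kept."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip()
            stanzas.setdefault(current, [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            stanzas[current].append((key.strip(), value.strip()))
    return stanzas

def audit_dsess_tls(text):
    """Return a list of findings for the [dsess-cluster] key database settings."""
    stanzas = parse_stanzas(text)
    dsess = dict(stanzas.get("dsess-cluster", []))
    findings = [f"[dsess-cluster] {k} is not set" for k in REQUIRED if not dsess.get(k)]
    keyfile = dsess.get("ssl-keyfile")
    for stanza, entries in stanzas.items():
        if stanza == "dsess-cluster" or not keyfile:
            continue
        for key, value in entries:
            # Heuristic: another stanza's *keyfile entry names the same file.
            if key.endswith("keyfile") and value == keyfile:
                findings.append(f"ssl-keyfile shares {value} with [{stanza}] {key}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_dsess_tls(SAMPLE_CONF)))
```

A shared key file finding is a review item, not necessarily an error: sharing is expected when Verify Identity Access SSL certificates are used for the distributed session cache connection.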