Selecting an SSL configuration alias directly from an endpoint configuration
You can associate a secure outbound endpoint with a new Secure Sockets Layer (SSL) configuration directly. If you are migrating from a release prior to version 6.1, WebSphere® Application Server still supports configurations that were selected directly at an endpoint. Direct selection always overrides centrally managed configurations and preserves migrated configurations.
About this task
- Security > Global security > RMI/IIOP security > CSIv2 outbound transport
- Security > Global security > RMI/IIOP security > CSIv2 inbound transport
- System administration > Deployment manager > Transport Chain > WCInboundAdminSecure > SSL inbound channel (SSL_1)
- System administration > Deployment manager > Administration Services > JMX connectors > SOAPConnector > Custom Properties > sslConfig
- System administration > Node agents > nodeagent > Administration Services > JMX connectors > SOAPConnector > Custom Properties > sslConfig
- Servers > Application servers > server1 > Messaging engine inbound transports > InboundSecureMessaging > SSL inbound channel (SIB_SSL_JFAP)
- Servers > Application servers > server1 > WebSphere MQ link inbound transports > InboundSecureMQLink > SSL inbound channel (SIB_SSL_MQFAP)
- Servers > Application servers > server1 > SIP Container Settings > SIP container transport chains > SIPCInboundDefaultSecure > SSL inbound channel (SSL_5)
- Servers > Application servers > server1 > Web Container Settings > Web container transport chains > WCInboundAdminSecure > SSL inbound channel (SSL_1)
- Servers > Application servers > server1 > Web Container Settings > Web container transport chains > WCInboundDefaultSecure > SSL inbound channel (SSL_2)
Attention: The central management of SSL configurations can be a more efficient strategy because multiple configurations can be contained within a single SSLConfigGroup. If you need to convert configuration references that are already directly managed to centrally managed configurations, modify each endpoint individually. Use the AdminConfig.modify command to set the sslConfigAlias value to an empty string (""). An example follows:
- Using Jacl:
    # Look up the configuration ID of the server
    set s1 [$AdminConfig getid /Cell:mycell/Node:mynode/Server:server1/]
    # Take the first SSL inbound channel defined under that server
    set sslChannel [lindex [$AdminConfig list SSLInboundChannel $s1] 0]
    # Clear the directly selected alias so the centrally managed configuration applies
    $AdminConfig modify $sslChannel [list [list sslConfigAlias ""]]
For more information on specific wsadmin commands that affect a repertoire as opposed to individual endpoints, see the SSLConfigGroupCommands group for the AdminTask topic.
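The conversion described in the Attention note, extended to every SSL inbound channel under one server rather than only the first, as an added example in wsadmin Jython style (not IBM's code). `FakeAdminConfig`, the function names and the sample configuration IDs are constructed stand-ins so that it runs outside wsadmin, and it assumes `showAttribute` returns an empty value when no alias is set.

```python
# Added example in wsadmin Jython style; not IBM's code.
# Inside wsadmin, pass the real AdminConfig object and then call AdminConfig.save().

def direct_ssl_channels(admin_config, scope_id):
    """Return (channel_id, alias) for each SSL inbound channel with a direct alias."""
    found = []
    for channel in admin_config.list('SSLInboundChannel', scope_id).splitlines():
        channel = channel.strip()
        if not channel:
            continue
        # Assumption: an unset alias comes back as None or an empty string.
        alias = admin_config.showAttribute(channel, 'sslConfigAlias')
        if alias:
            found.append((channel, alias))
    return found

def revert_to_central(admin_config, scope_id, dry_run=True):
    """Clear sslConfigAlias on directly managed channels; return the affected list."""
    affected = direct_ssl_channels(admin_config, scope_id)
    if not dry_run:
        for channel, _alias in affected:
            # Same change as the Jacl example: empty alias = centrally managed.
            admin_config.modify(channel, [['sslConfigAlias', '']])
    return affected

class FakeAdminConfig:
    """Constructed stand-in for AdminConfig so the example runs outside wsadmin."""
    def __init__(self, channels):
        self.channels = dict([(k, dict(v)) for k, v in channels.items()])
    def list(self, type_name, scope_id):
        return "\n".join(sorted(self.channels.keys()))
    def showAttribute(self, config_id, name):
        return self.channels[config_id].get(name)
    def modify(self, config_id, attrs):
        for name, value in attrs:
            self.channels[config_id][name] = value

# Constructed sample data: configuration IDs and alias value are illustrative.
PREFIX = "(cells/mycell/nodes/mynode/servers/server1|server.xml#SSLInboundChannel_"
SAMPLE = {
    "SSL_1" + PREFIX + "1)": {"sslConfigAlias": "NodeDefaultSSLSettings"},
    "SSL_2" + PREFIX + "2)": {},
    "SIB_SSL_JFAP" + PREFIX + "3)": {"sslConfigAlias": ""},
}

if __name__ == "__main__":
    fake = FakeAdminConfig(SAMPLE)
    for channel, alias in revert_to_central(fake, "server1", dry_run=False):
        print("cleared %s on %s" % (alias, channel))
```

Running with `dry_run=True` first lists the endpoints that currently override the centrally managed scope associations before anything is modified.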
Complete the following steps in the administrative console:
Note: These steps provide an example to follow when you directly select any of the endpoints listed previously.
Procedure
- Click Security > Global security > RMI/IIOP security > CSIv2 outbound transport.
- Click Use specific SSL alias. When you identify a specific SSL alias, you override the centrally managed scope associations.
- Select an SSL configuration alias from the drop-down list.
- Click OK.
- Repeat these steps for additional protocols or endpoints, if desired.