After you create a Secure Sockets Layer (SSL) configuration, you must associate a secure
outbound management scope with the new configuration. In this release, you can associate one SSL
configuration with one remote secure endpoint and a different SSL configuration with another remote
secure endpoint. Both endpoints can use the same outbound protocol, if appropriate. This task
describes how to create the association dynamically.
Before you begin
Dynamic outbound selection requires that you provide only the outbound protocol name, the
target host, and the target port so that WebSphere® Application Server can make a connection between the SSL
configuration and the outbound protocol or remote secure endpoint. The dynamic outbound selection
method takes precedence over other selection methods, such as central management and direct
selection, but is second to the programmatic method, that is, setting an SSL configuration on the
running thread. For more information about the selection types and precedence rules, see Secure communications using SSL.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security
  configurations > Outbound.
- Select the management scope that you want to associate with an SSL configuration on the
  topology tree.
- Under Related Items, click Dynamic outbound endpoint SSL configurations.
  The default dynamic outbound configuration name, the target protocol, host, and port
  connection information, and the SSL configuration name display.
- Click New to create a new dynamic outbound configuration.
- Type a dynamic outbound configuration name.
  Use a name that is descriptive of the purpose of the dynamic selection configuration.
- Optionally, type a dynamic selection configuration description.
- Type the connection information that you want to associate with the configuration that is
  displayed in the SSL configuration drop-down list.
  The connection information must be in the format protocol name, target host, target port.
  You can substitute an asterisk (*) for any value, as in the following examples,
  where 443 is a port, www.mycompany.com is a host, HTTP is a protocol, and .hometown.mycompany.com is
  a target host. You can add multiple connections, but each additional connection can affect outbound
  performance.
  Avoid trouble:
  - Unless the intention is to set the protocol property through the JSSEHelper API, the protocol
    filter should be set to * (as in the first two examples). See information about dynamic selection.
  - The connection protocols that are used for dynamic outbound SSL configuration selection, which
    are illustrated in the preceding examples, do not correspond to the protocol name of the URL.
    To use one of these protocols from a user-written application, programmatic SSL configuration
    selection must be implemented.
- Click Add to add the new connection to the set of SSL configuration connections.
  To remove a connection, select it and click Remove.
- Select an SSL configuration from the list.
- Click Get certificate aliases to refresh the certificate aliases that are contained in
  the associated key store.
- Choose a certificate alias from the list.
- Click OK and Save.
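A scripted equivalent of the console steps above, as an added wsadmin Jython example that is not part of the original page: it checks one connection entry against the protocol, host, port format and the "Avoid trouble" advice, then calls AdminTask.createDynamicSSLConfigSelection and saves. The scope, configuration name, certificate alias, script file name, and the refusal of an all-wildcard entry are assumptions of this example.

```python
# wsadmin Jython; run with: wsadmin -lang jython -f add_dynamic_outbound.py
# (hypothetical file name). Scope, configuration and alias names are constructed samples.
SCOPE = "(cell):SampleCell:(node):SampleNode"  # management scope chosen in the tree
SELECTION_NAME = "PartnerApiOutbound"          # descriptive dynamic outbound name
SSL_CONFIG = "PartnerApiSSLSettings"           # SSL configuration that must already exist
CERT_ALIAS = "partnerclient"                   # certificate alias in its key store
CONNECTION = "*,www.mycompany.com,443"         # protocol,host,port values from this page

def check_connection(entry):
    """Validate one 'protocol,host,port' entry; return (normalized entry, warnings)."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) != 3 or "" in parts:
        raise ValueError("expected protocol,host,port: %r" % (entry,))
    protocol, host, port = parts
    if port != "*" and not (port.isdigit() and 0 < int(port) < 65536):
        raise ValueError("port must be * or 1-65535: %r" % (entry,))
    if parts == ["*", "*", "*"]:
        # Policy of this script (assumption): an all-wildcard entry would select the
        # configuration for every outbound connection in scope, so it is refused.
        raise ValueError("refusing all-wildcard entry")
    warnings = []
    if protocol != "*":
        warnings.append("protocol filter %r: use * unless the protocol property "
                        "is set through the JSSEHelper API" % (protocol,))
    return ",".join(parts), warnings

def build_create_args(entry, scope=SCOPE, name=SELECTION_NAME,
                      ssl_config=SSL_CONFIG, alias=CERT_ALIAS):
    """Return (argument list for createDynamicSSLConfigSelection, warnings)."""
    info, warnings = check_connection(entry)
    # Assumes the SSL configuration is defined at the same scope as the selection.
    args = ["-dynSSLConfigSelectionName", name, "-scopeName", scope,
            "-dynSSLConfigSelectionInfo", info, "-sslConfigName", ssl_config,
            "-sslConfigScope", scope, "-certificateAlias", alias]
    return args, warnings

def apply_selection(admin_task, admin_config, entry=CONNECTION):
    """Create the dynamic outbound selection and save, like OK and Save in the console."""
    args, warnings = build_create_args(entry)
    for message in warnings:
        print("WARNING: " + message)
    admin_task.createDynamicSSLConfigSelection(args)
    admin_config.save()
    return args

try:
    _task, _config = AdminTask, AdminConfig    # objects injected by wsadmin
except NameError:
    _task = None                               # imported outside wsadmin: do nothing
if _task is not None:
    apply_selection(_task, _config)
```

Outside wsadmin the script only defines its functions, so the validation can be exercised without a running cell.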
Results
WebSphere Application Server is ready to connect one or more SSL configurations to one or more
remote secure endpoints.
What to do next
You can return to the outbound tree and select another management scope to associate with
the same or a new outbound configuration.