Configuring SSL (TLS) for a Liberty JVM server using a Java keystore
You can configure a Liberty JVM server to use SSL for data encryption, and optionally authenticate with the server by using a client certificate. Certificates can be stored in a Java™ keystore or in a SAF key ring such as RACF®.
About this task
Enabling SSL in a Liberty JVM server requires adding the ssl-1.0 Liberty feature, a keystore, and an HTTPS port. CICS® automatically creates and updates the server.xml file. Autoconfiguring always results in the creation of a Java keystore.
It is important to understand that any web request to a Liberty JVM server uses the JVM support for TCP/IP sockets and SSL processing, not CICS sockets domain.
Procedure
To use autoconfigure to configure SSL, complete the following steps:
- Ensure autoconfigure is enabled in the JVM profile by using the JVM system property -Dcom.ibm.cics.jvmserver.wlp.autoconfigure=true.
- Set the SSL port by setting the JVM system property -Dcom.ibm.cics.jvmserver.wlp.server.https.port in the JVM profile.
- Restart the JVM server to add the necessary configuration elements to server.xml.