Configuring SSL (TLS) for a Liberty JVM server using a Java keystore

You can configure a Liberty JVM server to use SSL for data encryption, and optionally authenticate with the server by using a client certificate. Certificates can be stored in a Java™ keystore or in a SAF key ring such as in RACF®.

About this task

Enabling SSL in a Liberty JVM server requires adding the transportSecurity-1.0 Liberty feature, a keystore, and an HTTPS port. CICS® automatically creates and updates the server.xml file. Autoconfiguring always results in the creation of a Java keystore.

It is important to understand that any web request to a Liberty JVM server uses the JVM support for TCP/IP sockets and SSL processing, not CICS sockets domain.


To use autoconfigure to configure SSL, complete the following steps:
  1. Ensure autoconfigure is enabled in the JVM profile by using the JVM system property
  2. Set the SSL port by setting the JVM system property in the JVM profile.
  3. Restart the JVM server to add the necessary configuration elements to server.xml.


SSL for a Liberty JVM server is successfully configured.