IBM Tivoli Federated Identity Manager, Version 6.2.2

Setting up message security

Tivoli® Federated Identity Manager uses certificates (pairs of public and private keys) to secure messages.

Before establishing a federation, you and your partner must decide what security configurations to use within your federation. Then, you must create or request your certificates or obtain them from your partner, as appropriate, and import them into the Tivoli Federated Identity Manager key service.

Note: Instructions for configuring SSL-related certificates, such as server certificates, client certificates, and client authentication requirements, are described in Setting up transport security. The topics in this chapter cover only message-level security, except for the topics related to preparing your keystores.

Use the following tasks to set up message security in your environment:
  1. Prepare your keystores. See Preparing the keystores.
  2. Discuss message security requirements with your partner and make a list of the keystores and certificates that each of you needs. Consider using the checklists in Planning message-level security.
  3. Obtain the necessary certificates for your environment. See Obtaining your keys and certificates.
  4. Add your certificates into your keystores. See Adding your certificates to your keystore.
  5. Obtain any certificates you need from your partner. See Obtaining a certificate from your partner.
  6. Provide your partner with any of your certificates that might be needed by that partner. See Providing certificates to your partner.
  7. If any of the certificates you use are PKCS#12 files, you must update your Java™ cryptography policy. See Updating the cryptography policy.
  8. If you are setting up a production environment and do not use the default keystores and certificates, remove them so that they are not used unintentionally. See Removing default keystores.

