You can create a custom trust manager configuration at any management scope and associate
the new trust manager with a Secure Sockets Layer (SSL) configuration.
About this task
Complete the following steps in the administrative console:
Procedure
- Decide whether you want to create the custom trust manager at the cell scope or below the
cell scope at the node, server, or cluster, for example.
  Important: When you create a custom trust manager at a level below the cell scope, you
  can associate it only with a Secure Sockets Layer (SSL) configuration at the same scope or higher.
  An SSL configuration at a scope lower than the trust manager does not see the trust manager
  configuration.
  - To create a custom trust manager at the cell scope, click Security > SSL certificate and
    key management > Trust managers. Every SSL configuration in the cell can select the trust
    manager at the cell scope.
  - To create a custom trust manager at a scope below the cell level, click Security > SSL
    certificate and key management > Manage endpoint security configurations > {Inbound | Outbound} >
    ssl_configuration > Trust managers.
- Click New to create a new custom trust manager.
- Type a unique trust manager name.
- Select the Custom implementation setting.
  The custom setting enables you to define a Java class with an implementation of the
  javax.net.ssl.X509TrustManager Java interface and, optionally, the
  com.ibm.wsspi.ssl.TrustManagerExtendedInfo WebSphere Application Server interface.
  Note: The standard implementation setting applies only when the trust manager is already
  defined in the Java security provider list as a provider and an algorithm, which is not the
  case for a custom trust manager.
- Type a class name, for example, com.ibm.test.CustomTrustManager.
- Select one of the following actions:
  - Click Apply, then click Custom properties under Additional Properties to add
    custom properties to the new custom trust manager. When you are finished adding custom properties,
    click OK and Save, then go to the next step.
  - Click OK and Save, then go to the next step.
- Click SSL certificate and key management in the page navigation.
- Select one of the following actions:
  - Click SSL configurations under Related Items for a cell-scoped SSL configuration.
  - Click Manage endpoint security configurations to select an SSL configuration at a
    lower scope.
- Click the link for the existing SSL configuration that you want to associate with the new
custom trust manager.
- Click Trust and Key managers under Additional Properties.
  If the new custom trust manager is not listed in the Additional ordered trust managers
  list, verify that you selected an SSL configuration scope that is at the same level or below the
  scope that you selected in Step 8.
- Click Add.
  This action adds the new trust manager to the list of custom trust managers.
- Click OK and Save.
Results
You have created a custom trust manager configuration that references a JAR file in the
install directory of WebSphere Application Server and associates it with an SSL configuration during the connection
handshake.
What to do next
You can create a custom trust manager for a pure client. For more information, see the
TrustManagerCommands command group for the AdminTask object topic.
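
Example custom trust manager class
The following class is an added example, not IBM code. It reuses the example class name com.ibm.test.CustomTrustManager from the procedure, implements only javax.net.ssl.X509TrustManager so that it compiles against the JDK alone, and adds a peer public-key allow-list check that rejects by exception. It assumes that the class is loaded through its implicit public no-argument constructor and that the other trust managers in the SSL configuration still validate the certificate chain; the allow-list value is a constructed placeholder.

```java
package com.ibm.test;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/** Added example: an extra peer-key allow-list check that fails closed. */
public class CustomTrustManager implements X509TrustManager {

    // Constructed placeholder: Base64 SHA-256 of each accepted peer's DER-encoded public key.
    private static final Set<String> ALLOWED_KEY_SHA256 =
            Collections.singleton("REPLACE_WITH_BASE64_SHA256_OF_PEER_PUBLIC_KEY");

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { check(chain); }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { check(chain); }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // adds a check, contributes no trust anchors
    }

    // Returning normally means "trusted", so every rejection must be an exception.
    static void check(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0 || chain[0] == null) {
            throw new CertificateException("empty peer certificate chain");
        }
        X509Certificate leaf = chain[0];
        leaf.checkValidity(); // throws if expired or not yet valid
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(leaf.getPublicKey().getEncoded());
            if (!ALLOWED_KEY_SHA256.contains(Base64.getEncoder().encodeToString(digest))) {
                throw new CertificateException("peer key not in allow-list");
            }
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("SHA-256 unavailable", e);
        }
    }
}
```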