By using this configuration, you can configure a different transport for inbound security
versus outbound security.
Before you begin
Outbound transport refers to the transport that is used to connect to a downstream
server. When you configure the outbound transport, consider the transports that the downstream
servers support. If you are considering Secure Sockets Layer (SSL), also consider including the
signers of the downstream servers in this server's truststore file so that the handshake succeeds.
When you select an SSL configuration, that configuration points to keystore
and truststore files that contain the necessary signers.
If you configured client certificate
authentication for this server by completing the following steps, then the downstream servers
contain the signer certificate belonging to the server personal certificate:
- Click Security > Global security.
- Under RMI/IIOP security, click CSIv2 outbound communications.
About this task
Complete the following steps to configure the outbound transport panels.
Procedure
- Select the type of transport and the SSL settings by clicking Security > Global
security. Under RMI/IIOP security, click CSIv2 outbound communications. By
selecting the type of transport, you choose the transport to use when connecting to downstream
servers. Make sure that the downstream servers support the transport that you choose. If you choose
SSL-Supported, the transport that is used is negotiated during the
connection. If both the client and server support SSL, always select the
SSL-Supported option unless the request is considered a special request that
does not require SSL, such as an object request broker (ORB) request.
- Select the SSL required option if you want to use Secure Sockets Layer
communications with the outbound transport.
If you select the SSL required option or the SSL supported option, you can select either the
Centrally managed or Use specific SSL alias option.
- Centrally managed
- Enables you to specify an SSL configuration for a particular scope, such as the cell, node, server,
or cluster in one location. To use the Centrally managed option, you must
specify the SSL configuration for the particular set of endpoints. The Manage endpoint security
configurations and trust zones panel displays all of the inbound and outbound endpoints that use the
SSL protocol. If you expand the Inbound or Outbound section of the panel and click the name of a
node, you can specify an SSL configuration that is used for every endpoint on that node. For an
outbound transport, you can override the inherited SSL configuration by specifying an SSL
configuration for a particular endpoint. To specify an SSL configuration for an outbound transport,
click Security > SSL certificate and key management > Manage endpoint security
configurations and trust zones and expand Outbound.
- Use specific SSL alias
- Select the Use specific SSL alias option if you intend to select one of
the SSL configurations in the menu under the option. The default is
DefaultSSLSettings. To modify or create a new SSL configuration, complete the
steps described in Creating a Secure Sockets
Layer configuration.
- Click Apply.
Results
The outbound transport configuration is complete. With this configuration, you can configure
a different transport for inbound security versus outbound security. For example, if the application
server is the first server that users access, the security configuration might be stricter.
When requests go outbound to back-end enterprise bean servers, you might accept less security for
performance reasons. With this flexibility, you can design a transport
infrastructure that meets your needs.
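The following added example is not part of the product documentation or IBM code. It audits a constructed topology for the cases that matter when inbound and outbound transports differ: no common transport, a silent cleartext connection behind SSL-Supported, and an SSL handshake that fails because the downstream signer is missing from the caller's truststore. The server and signer names, the "TCP/IP" setting, and the rule that SSL is preferred when both sides offer it are assumptions.

```python
# Added example with constructed data. Setting names mirror the console labels;
# "TCP/IP" and the prefer-SSL rule are assumptions, not taken from the page.
OFFERS = {
    "TCP/IP": {"tcp"},
    "SSL-Supported": {"tcp", "ssl"},
    "SSL-Required": {"ssl"},
}

def negotiate(outbound, inbound, truststore, downstream_signer):
    """Return the expected result of one caller -> downstream link."""
    common = OFFERS[outbound] & OFFERS[inbound]
    if not common:
        return "no-common-transport"
    if "ssl" in common:
        # The handshake needs the downstream signer in the caller's truststore.
        # Any fallback after a failed handshake is not modeled here.
        if downstream_signer in truststore:
            return "ssl"
        return "ssl-handshake-fails"
    return "cleartext"

def audit(servers, links):
    """Map each (caller, downstream) link to its negotiate() result."""
    report = {}
    for caller, downstream in links:
        c, d = servers[caller], servers[downstream]
        report[(caller, downstream)] = negotiate(
            c["outbound"], d["inbound"], c["truststore"], d["signer"])
    return report

# Constructed sample inventory (hypothetical server and signer names).
SERVERS = {
    "web1": {"inbound": "SSL-Required", "outbound": "SSL-Supported",
             "truststore": {"cell-root"}, "signer": "cell-root"},
    "ejb1": {"inbound": "SSL-Supported", "outbound": "SSL-Required",
             "truststore": {"cell-root"}, "signer": "cell-root"},
    "ejb2": {"inbound": "TCP/IP", "outbound": "SSL-Required",
             "truststore": {"cell-root"}, "signer": "cell-root"},
    "ext1": {"inbound": "SSL-Required", "outbound": "TCP/IP",
             "truststore": set(), "signer": "partner-root"},
}
LINKS = [("web1", "ejb1"), ("web1", "ejb2"), ("ejb1", "ext1"), ("ext1", "web1")]

if __name__ == "__main__":
    for (caller, downstream), result in audit(SERVERS, LINKS).items():
        print("%s -> %s: %s" % (caller, downstream, result))
```

Links reported as cleartext are the ones to review before relaxing outbound security toward back-end servers.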
What to do next
When you finish configuring security, perform the following steps to save, synchronize, and
restart the servers.
- Click Save in the administrative console to save any modifications to the
configuration.
- After synchronization, stop and restart all servers.