IBM WebSphere Application Server inter-operates with the previous
product versions. Use this topic to configure this behavior.
Before you begin
Interoperability
is achieved using the z/SAS security mechanism for local OS and SAF-based
authorization.
Important:
Procedure
-
If Secure Sockets Layer (SSL) is configured on a previous product version,
your servers must have a basis to establish trust. Using Resource Access Control
Facility (RACF), your system can check to ensure that the intermediate server
can be trusted. To confer this level of trust, CBIND authorization is granted
by administrators to RACF user IDs that run secure system code. System SSL
repertoires use a System Authorization Facility (SAF) keyring to retrieve
the personal certificate and trust stores. You must connect the trust basis
for the server certificates of the previous version server with the keyring
of the current server version. Note that in a default setup, the server certificate
refers to the certificate authority certificate in the previous statement.
- Extract and add server certificates into
the server key ring file of the previous version.
- Open the server key ring file using the key management utility
(iKeyman) and extract the server certificate to a file.
- Open the server key ring of the previous product version, using
the key management utility and add the certificate that is extracted from
your current version of WebSphere Application Server.
-
Extract and add trust certificates into the trust key ring file of the
previous product version.
- Open the trust key ring file using the key management utility
and extract the trust certificate to a file.
- Open the trust key ring file of the previous product version
using the key management utility and add the certificate that is extracted
from the product.
- If single sign-on (SSO) is enabled, export
keys from the product and import them into the previous product version.
Note: It is also possible to export keys from some previous product
versions and import them to the current version.
- Verify that the application uses the correct
Java Naming and Directory Interface (JNDI) name.
- Stop and restart all the servers.
- Make sure that the correct naming bootstrap
port is used to perform naming lookup.