By using this configuration, you can configure a different transport
for inbound security versus outbound security.
Before you begin
The outbound transport is the transport that is used to connect to a
downstream server. When you configure the outbound transport, consider
the transports that the downstream servers support. If you are considering
Secure Sockets Layer (SSL), also consider including the signers of the
downstream servers in this server's truststore file for the handshake to
succeed.
When you select an SSL configuration, that configuration points to the
keystore and truststore keyrings and the keystore and truststore files
that contain the necessary signers.
If you configured client certificate authentication for this server
by completing the following steps, then the downstream servers contain the
signer certificate belonging to the server personal certificate:
- Click Security > Global security.
- Under Authentication, click Authentication protocols > CSIv2 outbound
authentication.
About this task
Complete the following steps to configure the outbound transport
panels.
Procedure
- Select the type of transport and the SSL settings
by clicking Security > Global security. Under Authentication, click Authentication
Protocol > CSIv2 Outbound Transport. By selecting the type of transport,
you choose the transport to use when connecting to downstream servers. The
downstream servers support the transport that you choose. If you choose SSL-Supported,
the transport that is used is negotiated during the connection. If both the
client and server support SSL, always select the SSL-Supported option
unless the request is considered a special request that does not require SSL,
such as if an object request broker (ORB) is a request.
- Click Security > SSL to specify the SSL settings that correspond to the
SSL transport.
Verify that the truststore keyring file in the selected SSL configuration
contains the signers for any downstream servers. Also, verify that the
downstream servers contain the server signer certificates when outbound
client certificate authentication is used.
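One way to carry out the truststore check in the step above, as an added example that is not part of the original documentation. It assumes the signers in the selected SSL configuration's truststore have been exported to a PEM bundle and that each downstream server certificate is available as a PEM file; the function names are hypothetical and the certificates are constructed throwaway ones so the script runs offline.

```shell
#!/bin/sh
# Added example: every name, subject and file below is constructed.

# new_ca DIR NAME: create a throwaway self-signed signer (CA) certificate.
new_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_cert DIR CA NAME: issue a server certificate NAME signed by CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# signer_trusted TRUSTSTORE_PEM CERT_PEM: succeed only if CERT_PEM verifies
# against the signers in TRUSTSTORE_PEM (openssl may additionally consult
# its system default CA directory).
signer_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report_downstream TRUSTSTORE_PEM CERT_PEM...: print one line per downstream
# certificate and return non-zero if any signer is missing.
report_downstream() {
    ts=$1; shift; missing=0
    for cert in "$@"; do
        if signer_trusted "$ts" "$cert"; then
            echo "OK       $cert"
        else
            echo "MISSING  $cert"; missing=1
        fi
    done
    return $missing
}

# Demo: two downstream servers, but only the signer of the first is trusted.
work=$(mktemp -d)
new_ca "$work" signerA
new_ca "$work" signerB
issue_cert "$work" signerA downstream1
issue_cert "$work" signerB downstream2
cp "$work/signerA.pem" "$work/truststore.pem"
report_downstream "$work/truststore.pem" \
    "$work/downstream1.pem" "$work/downstream2.pem" ||
    echo "add the missing signers to the truststore before using SSL outbound"
rm -rf "$work"
```

A `MISSING` line identifies a downstream server whose SSL handshake would fail until its signer is added to the truststore.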
Results
The outbound transport configuration is complete. With this configuration,
you can configure a different transport for inbound security versus outbound
security. For example, if the application server is the first server used
by end users, the security configuration might be more secure. When requests
go to back-end enterprise beans servers, you might consider less security
for performance reasons when you go outbound. With this flexibility you can
design a transport infrastructure that meets your needs.
What to do next
When you finish configuring security, perform the following steps
to save, synchronize, and restart the servers.
- Click Save in the administrative console to save any modifications
to the configuration.
- After synchronization, stop and restart all servers.