Migrating, coexisting, and interoperating – Security considerations

Use this topic to migrate the security configuration of previous WebSphere Application Server releases and its applications to the new installation of WebSphere Application Server.

Before you begin

This information addresses the need to migrate your security configurations from a previous release of IBM WebSphere Application Server to WebSphere Application Server Version 6.1 or later. Complete the following steps to migrate your security configurations:

  • If security is enabled in the previous release, obtain the administrative server ID and password of the previous release. This information is needed in order to run certain migration jobs.
  • You can optionally disable security in the previous release before migrating the installation. No logon is required during the installation.

Procedure

Use the First steps wizard to access and run the Migration wizard.
  1. Start the First steps wizard by launching the firststeps.bat or the firststeps.sh file. The first steps file is located in the following directory:
  2. On the First steps wizard panel, click Migration wizard.
  3. Follow the instructions provided in the First steps wizard to complete the migration.

For more information on the Migration wizard, see Using the migration wizard to migrate product configurations.

Results

The security configuration of previous WebSphere Application Server releases and its applications are migrated to the new installation of WebSphere Application Server Version 6.1.

What to do next

If a custom user registry is used in the previous version, the migration process does not migrate the class files that are used by the standalone custom registry in the previous app_server_root/classes directory. Therefore, after migration, copy your custom user registry implementation classes to the app_server_root/classes directory.

If you upgrade from WebSphere Application Server, Version 5.x to WebSphere Application Server, Version 6.1, the data that is associated with Version 5.x trust associations is not automatically migrated to Version 6.1. To migrate trust associations, see Migrating trust association interceptors.

Vender-specific signer certificates, such as VeriSign and Thawte, are no longer included in the default truststore for WebSphere Application Server. To have these signer certificates available after migration, you must import them into the Application Server. To import signer certificates using the administration console, navigate to Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Add.

For WebSphere Application Server Version 6.1.x, the default keystore type has changed from JKS to PKCS12. If the keystore Types are not changed to PKCS12 after the migration. you may encounter errors when accessing the keystore. The Type can be changed to PKCS12 using the administrative console. To change the Type, click Security > SSL certificate and key management > Manage endpoint security configurations > {Inbound | Outbound SSL_configuration_name}. Under Related Items, click Key stores and certificates and then the name of a specific keystore to show the details of that keystore. From this keystore details panel, change the Type to be PKCS12.




In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 30, 2013 4:53:43 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-base-dist&topic=tsecmigrate
File name: tsec_migrate.html