After you create a Secure Sockets Layer (SSL) configuration,
you must associate a secure outbound management scope with the new
configuration. In this release, you can associate one SSL configuration
with one remote secure endpoint and a different SSL configuration
with another remote secure endpoint. Both endpoints can use the same
outbound protocol, if appropriate. This task describes how to create
the association dynamically.
Before you begin
Dynamic outbound selection requires that you provide only
the outbound protocol name, the target host, and the target port so
that WebSphere Application Server can make a connection between the
SSL configuration and the outbound protocol or remote secure endpoint.
The dynamic outbound selection method takes precedence over other
selection methods, such as central management and direct selection,
but is second to the programmatic method, that is, setting an SSL
configuration on the running thread. For more information about the
selection types and precedence rules, see
Secure communications using Secure Sockets Layer.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management
> Manage endpoint security configurations > Outbound.
- Select the management scope that you want to associate
with an SSL configuration on the topology tree.
- Under Related Items, click Dynamic outbound endpoint
SSL configurations. The default dynamic outbound configuration
name, the target protocol, host, and port connection information,
and the SSL configuration name display.
- Click New to create a new dynamic outbound configuration.
- Type a dynamic outbound configuration name. Use a name that is descriptive of the purpose of the dynamic selection
configuration.
- Optionally, type a dynamic selection configuration description.
- Type the connection information that you want to associate
with the configuration that is displayed in the SSL configuration
drop-down list. The connection information must be in
the format protocol name, target host, target port. You can substitute an asterisk (*) for any value, as in the following
examples, where 443 is a port, www.mycompany.com is a host, HTTP is
a protocol, and .hometown.mycompany.com is a target host. You can
add multiple connections, but each additional connection can affect
outbound performance.
- *,*,443
- *,www.mycompany.com,443
- HTTP,.hometown.mycompany.com,*
- *,*,*
Avoid trouble: Do not use this configuration because it matches all outbound specifications.
Therefore, no other SSL configuration is used for outbound connections.
- Click Add to add the new connection to the set of
SSL configuration connections. To remove a connection,
select it and click Remove.
- Select an SSL configuration from the list.
- Click Get certificate aliases to refresh the certificate
aliases that are contained in the associated key store.
- Choose a certificate alias from the list.
- Click OK and Save.
Results
WebSphere Application Server is ready to connect one or more
SSL configurations to one or more remote secure endpoints.
What to do next
You can return to the outbound tree and select another management
scope to associate with the same or a new outbound configuration.
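
The connection information format and the catch-all caveat from the procedure, shown as an added example (not IBM code and not part of the original topic): a small Python lint that checks entries before they are typed into the console. The function names, the port range check, and the duplicate check are assumptions of this example; the sample entries are constructed from the examples on this page.

```python
"""Lint dynamic outbound selection entries (added example, not IBM code)."""

WILDCARD = "*"


def parse_entry(entry):
    """Split 'protocol,host,port' into a tuple; raise ValueError if malformed."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) != 3:
        raise ValueError("expected 3 comma-separated fields, got %d" % len(parts))
    protocol, host, port = parts
    for name, value in (("protocol", protocol), ("host", host), ("port", port)):
        if not value or any(c.isspace() for c in value):
            raise ValueError("%s is empty or contains whitespace" % name)
    if port != WILDCARD:
        # Assumption: a non-wildcard port is a decimal TCP port number.
        if not (port.isascii() and port.isdigit()) or not 1 <= int(port) <= 65535:
            raise ValueError("port %r is not '*' or 1-65535" % port)
    return protocol, host, port


def lint_entries(entries):
    """Return a list of (entry, severity, message) findings."""
    findings = []
    seen = set()
    for entry in entries:
        try:
            fields = parse_entry(entry)
        except ValueError as exc:
            findings.append((entry, "error", str(exc)))
            continue
        if fields == (WILDCARD, WILDCARD, WILDCARD):
            # The "Avoid trouble" case: it matches every outbound connection,
            # so no other SSL configuration is used for outbound connections.
            findings.append((entry, "error", "catch-all: matches all outbound connections"))
        if fields in seen:
            findings.append((entry, "warning", "duplicate entry"))
        seen.add(fields)
    return findings


# Constructed sample input: the page's examples plus malformed and duplicate entries.
SAMPLE = ["*,*,443", "*,www.mycompany.com,443", "HTTP,.hometown.mycompany.com,*",
          "*,*,*", "HTTP,www.mycompany.com", "*,www.mycompany.com,70000", "*,*,443"]

if __name__ == "__main__":
    for entry, severity, message in lint_entries(SAMPLE):
        print("%-8s %-30s %s" % (severity, entry, message))
```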