SSL certificate and key management

Use this page to configure security for Secure Socket Layer (SSL) and key management, certificates, and notifications. The SSL protocol provides secure communications between remote server processes or endpoints. SSL security can be used for establishing communications inbound to and outbound from an endpoint. To establish secure communications, a certificate and an SSL configuration must be specified for the endpoint.

To view this administrative console page, click Security > SSL certificate and key management.

Configuration tab

Configuration settings

Specifies the following administrative console tasks:

Use Federal Information Processing Standard (FIPS) algorithms

Specifies the Federal Information Processing Standard (FIPS)-compliant Java cryptography engine is enabled.

When you select the Use the Federal Information Processing Standard (FIPS) option, the Lightweight Third Party Authentication (LTPA) implementation uses IBMJCEFIPS. IBMJCEFIPS supports the Federal Information Processing Standard (FIPS)-approved cryptographic algorithms for Data Encryption Standard (DES), Triple DES, and Advanced Encryption Standard (AES). Although the LTPA keys are backwards compatible with prior releases of the application server, the LTPA token is not compatible with prior releases. In prior releases, the application server did not generate the LTPA token using a FIPS-approved algorithm.

The IBMJSSE2 JSSE provider does not perform cryptographic functions directly, and therefore does not need to be FIPS-approved. Instead, the IBMJSSE2 JSSE provider uses the JCE framework for cryptographic functions and uses IBMJCEFIPS when FIPS mode is enabled.

[HP-UX] Important: [Updated in July 2012] The IBMJSSE2 provider, which uses IBMJCEFIPS, is supported on the HP-UX platform. [Updated in July 2012]
jul2012
Default: Disabled

Dynamically update the runtime when SSL configuration changes occur

Specifies that all of the SSL-related attributes and LTPA keys that change must be read from the configuration dynamically after they have been saved, then reused for new connections. To avoid customer impact, it is recommended that changes to production servers be made during off-peak periods.

Default: Enabled

When this option is selected, the configuration is updated each time you configure an SSL communication.




Related tasks
Creating a Secure Sockets Layer configuration
Related reference
Manage endpoint security configurations
Manage certificate expiration settings
Notifications
SSL configurations collection
Dynamic inbound and outbound endpoint SSL configurations collection
Key stores and certificates collection
Key sets collection
Key set groups collection
Key managers collection
Trust managers collection
Reference topic Reference topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 4:28:44 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-mp&topic=usec_sslseccomconf
File name: usec_sslseccomconf.html