After you create a Secure Sockets Layer (SSL) configuration, you
must associate a secure outbound management scope with the new configuration.
In this release, you can associate one SSL configuration with one remote
secure endpoint and a different SSL configuration with another remote secure
endpoint. Both endpoints can use the same outbound protocol, if appropriate.
This task describes how to create the association dynamically.
Before you begin
Dynamic outbound selection requires that you provide only the outbound
protocol name, the target host, and the target port so that WebSphere Application
Server can make a connection between the SSL configuration and the outbound
protocol or remote secure endpoint. The dynamic outbound selection method
takes precedence over other selection methods, such as central management
and direct selection, but is second to the programmatic method, that is, setting
an SSL configuration on the running thread. For more information about the
selection types and precedence rules, see
Secure communications using Secure Sockets Layer.
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management > Manage
endpoint security configurations > Outbound.
- Select the management scope that you want to associate with an
SSL configuration on the topology tree.
- Under Related Items, click Dynamic outbound endpoint SSL configurations.
The console displays the default dynamic outbound configuration name, the
connection information (target protocol, host, and port), and the SSL configuration name.
- Click New to create a new dynamic outbound configuration.
- Type a dynamic outbound configuration name. Use a name
that is descriptive of the purpose of the dynamic selection configuration.
- Optionally, type a dynamic selection configuration description.
- Type the connection information that you want to associate with
the configuration that is displayed in the SSL configuration drop-down list.
The connection information must be in the format protocol name, target
host, target port. You can substitute an asterisk (*) for any value,
as in the following examples:
  - *,*,443
  - *,www.ibm.com,443
  - HTTP,.austin.ibm.com,*
where 443 is a port, www.ibm.com is a host, HTTP is a protocol, and .austin.ibm.com
is a target host. You can add multiple connections, but each additional connection
can affect outbound performance.
- Click Add to add the new connection to the set of SSL configuration
connections. To remove a connection, select it and click Remove.
- Select an SSL configuration from the list.
- Click Get certificate aliases to refresh the certificate
aliases that are contained in the associated key store.
- Choose a certificate alias from the list.
- Click OK and Save.
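The following check for connection information strings is an added example, not part of the original page or of WebSphere Application Server. It validates entries in the protocol name, target host, target port format before they are typed into the console. Assumptions: the function names, the allowed characters in protocol and host names, and the warning on an all-asterisk entry are this example's own, and the malformed sample entries are constructed.

```python
import re

# Assumed character sets; the page only defines the three-field layout and '*'.
_PROTOCOL = re.compile(r"^[A-Za-z0-9_]+$")
# A leading dot is accepted because the page's own example uses ".austin.ibm.com".
_HOST = re.compile(r"^\.?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$")


def parse_entry(entry):
    """Split 'protocol,host,port' into a tuple; raise ValueError if malformed."""
    fields = [f.strip() for f in entry.split(",")]
    if len(fields) != 3 or any(f == "" for f in fields):
        raise ValueError(f"expected protocol,host,port: {entry!r}")
    protocol, host, port = fields
    if protocol != "*" and not _PROTOCOL.match(protocol):
        raise ValueError(f"bad protocol name in {entry!r}")
    if host != "*" and not _HOST.match(host):
        raise ValueError(f"bad target host in {entry!r}")
    if port != "*" and not (port.isascii() and port.isdigit()
                            and 1 <= int(port) <= 65535):
        raise ValueError(f"bad target port in {entry!r}")
    return protocol, host, port


def lint(entries):
    """Return (valid_tuples, warnings) for a list of connection strings."""
    valid, warnings, seen = [], [], set()
    for entry in entries:
        try:
            parsed = parse_entry(entry)
        except ValueError as exc:
            warnings.append(str(exc))
            continue
        if parsed in seen:
            warnings.append(f"duplicate entry: {entry!r}")
            continue
        seen.add(parsed)
        valid.append(parsed)
        if parsed == ("*", "*", "*"):
            # Asterisk in every field leaves nothing to narrow the selection.
            warnings.append(f"{entry!r} has an asterisk in every field")
    return valid, warnings


# First three entries are the page's examples; the rest are constructed.
SAMPLE = ["*,*,443", "*,www.ibm.com,443", "HTTP,.austin.ibm.com,*",
          "HTTP,www.ibm.com", "*,*,70000", "*,*,443", "*,*,*"]
```

Calling lint(SAMPLE) returns the accepted tuples together with one warning for each rejected, duplicate, or all-asterisk entry.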
Results
WebSphere Application Server is ready to connect one or more SSL configurations
to one or more remote secure endpoints.
What to do next
You can return to the outbound tree and select another management
scope to associate with the same or a new outbound configuration.