WebSphere Application Server Version 6.1 Feature Pack for Web Services
             Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

             Personalize the table of contents and search results

Common Secure Interoperability Version 2 transport inbound settings

Use this page to specify which listener ports to open and which Secure Sockets Layer (SSL) settings to use. These specifications determine which transport a client or upstream server uses to communicate with this server for incoming requests.

To view this administrative console page, complete the following steps:
  1. Click Security > Secure administration, applications, and infrastructure.
  2. Under Authentication, click RMI/IIOP security > CSIv2 inbound transport.

Configuration tab

Transport

Specifies whether client processes connect to the server using one of its connected transports.

You can choose to use either Secure Sockets Layer (SSL), TCP/IP or both as the inbound transport that a server supports. If you specify TCP/IP, the server only supports TCP/IP and cannot accept SSL connections. If you specify SSL-supported, this server can support either TCP/IP or SSL connections. If you specify SSL-required, then any server communicating with this one must use SSL.

If you specify SSL-supported or SSL-required, decide which set of SSL configuration settings you want to use for the inbound configuration. This decision determines which key file and trust file are used for inbound connections to this server.

[z/OS] Note: This option is not available on the z/OS platform unless there are both Version 6.0.x and earlier nodes in the cell.
TCP/IP
If you select TCP/IP, then the server opens a TCP/IP listener port only and all inbound requests do not have SSL protection.
SSL-required
If you select SSL-required, then the server opens an SSL listener port only and all inbound requests are received using SSL.
[This information applies to Version 6.0.x and previous servers only that are federated in a Version 6.1 cell.]
Important: If you set the active authentication protocol to CSI and SAS, then the server opens a TCP/IP listener port for the Secure Authentication Service (SAS) protocol regardless of this setting.
Only an SSL listener port is opened, and all requests come through SSL connections. If you choose SSL-required, you must also choose CSI as the active authentication protocol. If you choose CSI and SAS, SAS requires an open TCP/IP socket for some special requests.
Important: SAS is supported only between Version 6.0.x and previous version servers that have been federated in a Version 6.1 cell.
SSL-supported
If you select SSL-supported, then the server opens both a TCP/IP and an SSL listener port and most inbound requests are received using SSL.

[This information applies to Version 6.0.x and previous servers only that are federated in a Version 6.1 cell.] By default, SSL ports for Common Secure Interoperability Version 2 (CSIv2) and Security Authentication Service (SAS) are dynamically generated. In cases where you need to fix the SSL ports on application servers, click Servers > Application Servers > server_name. Under Additional properties, click Endpoint listeners.

Provide a fixed port number for the following ports. A zero port number indicates that a dynamic assignment is made at runtime. [AIX HP-UX Linux Solaris Windows] [i5/OS]

CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS
CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS
SAS_SSL_SERVERAUTH_LISTENER_ADDRESS

[z/OS]

ORB_SSL_LISTENER_ADDRESS

Default: SSL-Supported
Range: TCP/IP, SSL Required, SSL-Supported
SSL settings

Specifies a list of predefined SSL settings to choose from for inbound connections.

[z/OS] Note: This option is not available on the z/OS platform unless there are both Version 6.0.x and earlier nodes in the cell.
[AIX HP-UX Linux Solaris Windows] [i5/OS] [This information applies to Version 6.0.x and previous servers only that are federated in a Version 6.1 cell.] Note: This option is available for non-z/OS platform servers when there is a version 6.0.x server in your environment. However, if your environment contains only Version 6.1 servers, this option does not apply.
These settings are configured at the SSL Repertoire panel. To access the SSL Repertoire panel, complete the following steps:
  1. Clicking Security > SSL certificate and key management.
  2. Under configuration settings, click Manage endpoint security configurations and trust zones.
  3. Expand Inbound and click inbound_configuration.
  4. Under Related items, click SSL configurations.
Data type: String
[AIX HP-UX Linux Solaris Windows] [i5/OS] Default: DefaultSSLSettings
[z/OS] Default: DefaultIIOPSSL
Range: Any SSL settings configured in the SSL Configuration Repertoire
Centrally managed

Specifies that the selection of an SSL configuration is based upon the outbound topology view for the Java Naming and Directory Interface (JNDI) platform.

Centrally managed configurations support one location to maintain SSL configurations rather than spreading them across the configuration documents.

Default: Enabled
Use specific SSL alias

Specifies the SSL configuration alias to use for LDAP outbound SSL communications.

This option overrides the centrally managed configuration for the JNDI platform.

z/OS SSL settings [This information applies to Version 6.0.x and previous servers only that are federated in a Version 6.1 cell.]

Specifies a list of predefined Secure Sockets Layer (SSL) settings for inbound connections. Configure these settings on the SSL panel by clicking Secure communications on the administrative console.




Related tasks
Configuring inbound transports
Reference topic    

Terms of Use | Feedback

Last updated: Nov 25, 2008 2:35:59 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.wsfep.multiplatform.doc/info/ae/ae/usec_inboundconn.html