WebSphere Application Server Version 6.1 Feature Pack for Web Services
             Operating Systems: z/OS

             Personalize the table of contents and search results
This topic applies only on the z/OS operating system.

Daemon Secure Sockets Layer

Use the administrative console panel to modify the port and Secure Sockets Layer (SSL) port settings and to specify the SSL settings (the SSL repertoire). The default repertoire is the same one used for the server, which is a SystemSSL IIOP repertoire. During daemon initialization the SSL usage initialization is attempted if security is enabled and a valid repertoire is found. In order to turn off the daemon SSL port a cell-level WebSphere variable (DAEMON_security_disable_daemon_ssl) must be created and set to true. The default for this variable is false.

SSL can be used to protect locations in the SSL daemon using the Location Service Daemon if:
On the administrative console, click System administration > Node groups > sysplex_node_group_name. Under Additional properties, click z/OS location service.
Location service daemon

This panel specifies the configuration settings for the location service daemon for this cell.  
Changes made to these settings to the entire cell and to the location service daemon instance 
on each node in the cell.

Job Name          BBODMNC                           Specifies z/OS jobname of location
                                                    service daemon.
Host Name         BOSSXXXX.PLEX1.L2.IBM.COM         Specifies host name to be used when 
                                                    contacting location service daemon.
Port              5755                              Specifies port location service daemon
                                                    listens on for unencrypted communication.
SSL Port          5756                              Specifies port location service daemon
                                                    listens on for encrypted communication.
SSL Setting       PLEX1Manager/DefaultIIOPSSL       Specifies a list of predefined SSL 
                                                    settings to choose from for connections.
                                                    These are configured at the SSL repertoire
                                                    panel.
You can use the customization dialog to specify authentication information, including the daemon's user ID, UID, and SSL port. This panel is located under Server Customization. RACF commands are generated to create a keyring for server use (the default is WASKeyring). The customization dialog generates the daemon keyring and the certificate. To generate the daemon keyring and certificate from the customization dialog, select Security Domain > SSL Customization > Enable SSL on the Location Service Daemon. If you type Y next to this option, the RACF commands are generated to do the following tasks:
Important: This option does not control the use of the daemon SSL.
This is appropriate if the user IDs are the same, but if the daemon has a separate user ID, see Setting up a Keyring for use by WebSphere Application Server for z/OS. The values selected are picked up by the administrative console.

If the daemon process is assigned the same MVS user ID assigned to a secure WebSphere Application Server, the keyring you use to secure WebSphere Application Server can also be used to secure daemon requests. If the daemon process is not assigned the same MVS user ID assigned to a secure WebSphere Application Server, it is recommended that you perform the daemon SSL setup similarly to the setup for your WebSphere Application Server. Modify the customization job commands generated in BBOCBRAK (or HLQ.DATA(BBODBRAK) on WebSphere Application Server Network Deployment) to perform the steps in Setting up a Keyring for use by WebSphere Application Server for z/OS.




Related concepts
Secure Sockets Layer security for WebSphere Application Server for z/OS
Related tasks
Setting up a keyring for use by Daemon Secure Sockets Layer
Creating a new System SSL repertoire alias
Concept topic    

Terms of Use | Feedback

Last updated: Nov 25, 2008 2:35:59 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.wsfep.multiplatform.doc/info/ae/ae/csec_daemonssl.html