WebSphere® Application Server provides dynamic outbound selection that enables you to choose a specific Secure Sockets Layer (SSL) configuration and certificate alias for each outbound protocol, target host, target port, or any combination of these attributes. You can specify the dynamic selection information for outbound connections from a pure client or from a server that is acting as a client.

Before the SSL runtime for WebSphere Application Server starts an outbound connection, the runtime attempts to match the outbound protocol, target host, and target port attributes with the dynamic outbound selection information that is associated with an SSL configuration and certificate alias in the configuration.

The runtime caches both selection misses and selection hits, so the impact on performance can be minimal. However, a relationship exists between the amount of dynamic outbound selection information and its impact on the initial connection performance.

Target information during outbound connections
The dynamic outbound selection configurations are effective only when the outbound protocol uses the JSSEHelper application programming interface (API) to select an SSL configuration and specifies a connectionInfo hash map. This hash map must contain the following properties:
- com.ibm.ssl.direction
  The value for outbound connections is OUTBOUND.
- com.ibm.ssl.remoteHost
  The format should match what the protocol provides. Typically this is the canonical Domain Name System (DNS) name, but it could also be the IP address.
  Avoid trouble: The name comparison is case-insensitive. No name resolution is performed during the string comparison.
- com.ibm.ssl.remotePort
  The port is the target port.
- com.ibm.ssl.endPointName
  The value for an outbound connection must be one of the following protocol strings:
  - IIOP
  - HTTP
  - SIP
  - LDAP
  - ADMIN_IPC
  - ADMIN_SOAP
  - BUS_TO_BUS
  - BUS_CLIENT
  - BUS_TO_WEBSPHERE_MQ
  - WEBSPHERE_MQ_CLIENT
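
The following pre-flight check for a connectionInfo map is an added example, not IBM code and not part of the JSSEHelper API. It uses only the JDK; the class and method names are hypothetical, the host names are constructed, and hostMatches models only the two comparison properties stated above (case-insensitive, no name resolution).

```java
import java.util.*;

public class ConnectionInfoCheck {
    // Protocol strings this page lists for com.ibm.ssl.endPointName.
    static final Set<String> ENDPOINTS = new HashSet<>(Arrays.asList(
        "IIOP", "HTTP", "SIP", "LDAP", "ADMIN_IPC", "ADMIN_SOAP", "BUS_TO_BUS",
        "BUS_CLIENT", "BUS_TO_WEBSPHERE_MQ", "WEBSPHERE_MQ_CLIENT"));

    // Returns one message per property that is missing or malformed.
    static List<String> validate(Map<String, String> info) {
        List<String> problems = new ArrayList<>();
        if (!"OUTBOUND".equals(info.get("com.ibm.ssl.direction")))
            problems.add("com.ibm.ssl.direction must be OUTBOUND");
        String host = info.get("com.ibm.ssl.remoteHost");
        if (host == null || host.trim().isEmpty())
            problems.add("com.ibm.ssl.remoteHost is missing");
        try {
            int port = Integer.parseInt(info.get("com.ibm.ssl.remotePort"));
            if (port < 1 || port > 65535)
                problems.add("com.ibm.ssl.remotePort is out of range");
        } catch (NumberFormatException e) {   // also thrown for a null value
            problems.add("com.ibm.ssl.remotePort is missing or not a number");
        }
        // Assumption: the protocol string must appear exactly as listed.
        if (!ENDPOINTS.contains(info.get("com.ibm.ssl.endPointName")))
            problems.add("com.ibm.ssl.endPointName is not a listed protocol");
        return problems;
    }

    // Model of the host comparison: plain string equality ignoring case.
    // No DNS lookup happens, so a name and its IP address never match.
    static boolean hostMatches(String configured, String remoteHost) {
        return configured.equalsIgnoreCase(remoteHost);
    }

    public static void main(String[] args) {
        Map<String, String> info = new HashMap<>();
        info.put("com.ibm.ssl.direction", "OUTBOUND");
        info.put("com.ibm.ssl.remoteHost", "LDAP1.Example.COM"); // constructed
        info.put("com.ibm.ssl.remotePort", "636");
        info.put("com.ibm.ssl.endPointName", "ldap");   // not a listed string
        System.out.println(validate(info));
        info.put("com.ibm.ssl.endPointName", "LDAP");
        System.out.println(validate(info));
        String remote = info.get("com.ibm.ssl.remoteHost");
        System.out.println(hostMatches("ldap1.example.com", remote));
        System.out.println(hostMatches("192.0.2.10", remote));  // IP vs. name
    }
}
```

The last comparison shows why the remoteHost value should be configured in the same form (name or IP address) that the protocol provides.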