The catalog server has its own proprietary
transport
paths that cannot be managed by the WebSphere® Application Server Common Secure Interoperability
Protocol Version 2 (CSIV2) transport settings. Therefore, you must
configure the Secure Sockets Layer (SSL) properties in the server
properties file for the catalog server.
To configure catalog server security, additional
steps are
necessary because the catalog server has its own proprietary transport
paths. These transport paths cannot be managed by the Application
Server CSIV2 transport settings.
- Edit
the SSL properties in the catServer2.props file. To configure catalog server security, uncomment the following
SSL properties in the catalog server properties file. For this tutorial,
the catalog server properties are in the catServer2.props file.
Update the keyStore and trustStore properties to refer to the proper
location in your environment.
#alias=default
#contextProvider=IBMJSSE2
#protocol=SSL
#keyStoreType=PKCS12
#keyStore=/<WAS_HOME>/IBM/WebSphere/AppServer/profiles/<DMGR_NAME>/config/
cells/<CELL_NAME>/nodes/<NODE_NAME>/key.p12
#keyStorePassword=WebAS
#trustStoreType=PKCS12
#trustStore=/<WAS_HOME>/IBM/WebSphere/AppServer/profiles/<DMGR_NAME>/config/
cells/<CELL_NAME>/nodes/<NODE_NAME>/trust.p12
#trustStorePassword=WebAS
#clientAuthentication=false
The catServer2.props file is using
the default WebSphere Application Server node
level keystore and truststore. If you are deploying a more complex
deployment environment, you must choose the correct keystore and truststore.
In some cases, you must create a keystore and truststore and import
the keys from keystores from the other servers. Notice that the WebAS string
is the default password of the WebSphere Application Server keystore
and truststore. See Default self-signed certificate configuration for
more details.
- In the catServer2.props file,
update
the value of the transportType property. For previous
steps of the tutorial, the value was set to TCP/IP.
Change the value to SSL-Required.
- Restart the deployment manager to activate the changes
to the catalog server security settings.