SSL

This section discusses the how the connector implements an SSL capability. For background information, see your SSL documentation. This section assumes a familiarity with SSL technology.

JSSE

The connector uses JSSE to provide support for HTTPS and SSL. IBM JSSE is shipped with the connector. To enable this capability, make sure you have the following entry in the java.security file that is among the files installed with the connector:

security.provider.5=com.ibm.jsse.IBMJSSEProvider

Note that java.security is located in the $ProductDir\lib\security directory of your connector installation. The connector uses the value of the JavaProtocolHandlerPackages connector property to set the system property java.protocol.handler.pkgs. Note that for the IBM JSSE that is shipped with the connector, the value of this property should be set to com.ibm.net.ssl.internal.www.protocol.

The JavaProtocolHandlerPackages configuration property defaults to this value.However, if you specify a different value for this system property, the connector uses that value during initialization. If you have not specified a value for java.protocol.handler.pkgs, the connector uses the default value during initialization.

During initialization, the connector disables all anonymous cipher suites supported by JSSE.

KeyStore and TrustStore

To use SSL with the connector, you must set up keystores and truststores. No tool is provided to set up keystores, certificates, and key generation. You must use third party software tools to complete these tasks.

SSL Properties

You can specify the following SSL connector-specific properties:

Note that these properties apply to a connector instance. The same set of SSL property values are used by all of the HTTPS protocol listeners plugged into the connector and by the HTTP-HTTPS protocol handler for each connector instance. For further information on HTTPS/SSL setup, see Appendix D, Configuring HTTPS/SSL.

SSL and the HTTPS protocol listener

To use the HTTPS protocol listener, you must specify SSL connector-specific properties. The values you assign to these properties should reflect your SSL requirements:

For further information on HTTPS/SSL setup, see Appendix D, Configuring HTTPS/SSL.

SSL and the HTTP-HTTPS protocol handler

If you are using SSL with the HTTP-HTTPS protocol handler, you must specify SSL connector-specific properties. The values you assign to these properties should reflect the HTTPS/SSL requirements of your HTTP provider:

For further information on HTTPS/SSL setup, see Appendix D, Configuring HTTPS/SSL.

Copyright IBM Corp. 1997, 2004