Configuring SSL Settings for outbound communications

You can configure SSL settings for outbound communications in Liberty.

About this task

SSL configurations in Liberty can be used for both inbound and outbound communications. Liberty has an SSL configuration called defaultSSLConfig that defines the default SSL settings for both inbound and outbound SSL connections. Outbound communications often need different SSL settings than inbound communications. On Liberty, you can configure different outbound settings by specifying an SSL configuration on the outboundSSLRef attribute of the sslDefault element.

Procedure

  1. Enable the transportSecurity-1.0 feature in the server.xml file.
    <featureManager>
        <feature>transportSecurity-1.0</feature>
    </featureManager>
  2. Add the outbound SSL entry to the server.xml file.

    The SSL configuration is set on the outboundSSLRef attribute in the sslDefault element.

    <sslDefault outboundSSLRef="alternateSSLSettings" />
    
    <!-- SSL configuration for inbound SSL connections -->
    <ssl id="defaultSSLConfig" 
          keyStoreRef="defaultKeyStore" 
          trustStoreRef="defaultTrustStore" />
    
    <keyStore id="defaultKeyStore" 
          location="key.jks" 
          type="JKS" 
          password="yourpassword" />
    
    <keyStore id="defaultTrustStore"
          location="trust.jks" 
          type="JKS" 
          password="yourpassword" />
    
    <!-- SSL configuration for outbound SSL connections-->
    <ssl id="alternateSSLSettings" 
          keyStoreRef="alternateKeyStore" 
          trustStoreRef="alternateTrustStore" />     
              
    <keyStore id="alternateKeyStore" 
          location="${server.config.dir}/alternateServerKeyFile.jks"
          type="JKS" 
          password="yourpassword" />
    
    <keyStore id="alternateTrustStore" 
          location="${server.config.dir}/alternateServerTrustFile.jks" 
          type="JKS" 
          password="yourpassword" />

    In this configuration, the alternateSSLSettings SSL configuration becomes the default outbound SSL configuration. Liberty features or applications that run on Liberty and make outbound SSL connections use the SSL configuration that is specified by the outboundSSLRef attribute. Most features provide an attribute that allows users to directly reference the required SSL configuration. If that attribute is specified, then it takes precedence over the outbound default that is set by the outboundSSLRef attribute.
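
The following check is an added example, not part of the product documentation: a Python lint over a single server.xml that confirms the outboundSSLRef value and each keyStoreRef and trustStoreRef resolve to a defined id, and that the file is well-formed. The function name lint_ssl_refs and the sample configuration are constructed for illustration; included files, variables, and any server-supplied defaults are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: outboundSSLRef has a typo, and one trust store id is never defined.
SAMPLE = """<server>
    <featureManager><feature>transportSecurity-1.0</feature></featureManager>
    <sslDefault outboundSSLRef="alternateSSLSetting" />
    <ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" />
    <keyStore id="defaultKeyStore" location="key.jks" type="JKS" password="yourpassword" />
    <keyStore id="defaultTrustStore" location="trust.jks" type="JKS" password="yourpassword" />
    <ssl id="alternateSSLSettings" keyStoreRef="alternateKeyStore" trustStoreRef="alternateTrustStore" />
    <keyStore id="alternateKeyStore" location="alt.jks" type="JKS" password="yourpassword" />
</server>"""

def lint_ssl_refs(xml_text):
    """Return a list of findings for the SSL wiring in one server.xml document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. an <ssl> element missing its closing "/>"
        return [f"not well-formed XML: {exc}"]
    findings = []
    # Step 1 of the procedure: the feature must be listed (assumes it is named in this file).
    features = {f.text.strip().lower() for f in root.iter("feature") if f.text}
    if "transportsecurity-1.0" not in features:
        findings.append("transportSecurity-1.0 is not listed in <featureManager>")
    ssl_ids = {e.get("id") for e in root.iter("ssl")}
    store_ids = {e.get("id") for e in root.iter("keyStore")}
    # Step 2: the outbound default must name an existing <ssl> configuration.
    for default in root.iter("sslDefault"):
        ref = default.get("outboundSSLRef")
        if ref and ref not in ssl_ids:
            findings.append(f"sslDefault outboundSSLRef '{ref}' matches no <ssl> id")
    # Each <ssl> configuration must point at keystores defined in the file.
    for ssl in root.iter("ssl"):
        for attr in ("keyStoreRef", "trustStoreRef"):
            ref = ssl.get(attr)
            if ref and ref not in store_ids:
                findings.append(f"ssl '{ssl.get('id')}' {attr} '{ref}' matches no <keyStore> id")
    return findings

if __name__ == "__main__":
    for line in lint_ssl_refs(SAMPLE):
        print(line)
```
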