After you create a Secure Sockets Layer (SSL) configuration,
you must associate a secure outbound management scope with the new
configuration. In this release, you can associate one SSL configuration
with one remote secure endpoint and a different SSL configuration
with another remote secure endpoint. Both endpoints can use the same
outbound protocol, if appropriate. This task describes how to create
the association dynamically.
Before you begin
Dynamic outbound selection requires that you provide only
the outbound protocol name, the target host, and the target port so
that WebSphere® Application Server can make a
connection between the SSL configuration and the outbound protocol
or remote secure endpoint. The dynamic outbound selection method takes
precedence over other selection methods, such as central management
and direct selection, but is second to the programmatic method, that
is, setting an SSL configuration on the running thread. For more information
about the selection types and precedence rules, see Secure communications using Secure Sockets Layer (SSL).
About this task
Complete the following steps in the administrative console:
Procedure
- Click Security > SSL certificate and key management >
Manage endpoint security configurations > Outbound.
- Select the management scope that you want to associate
with an SSL configuration on the topology tree.
- Under Related Items, click Dynamic outbound endpoint
SSL configurations.
The default dynamic outbound configuration
name, the target protocol, host, and port connection information,
and the SSL configuration name display.
- Click New to create a new dynamic outbound configuration.
- Type a dynamic outbound configuration name.
Use a name that is descriptive of the purpose of the dynamic selection
configuration.
- Optionally, type a dynamic selection configuration description.
- Type the connection information that you want to associate
with the configuration that is displayed in the SSL configuration
drop-down list.
The connection information must be in the format
protocol name, target host, target port.
You can substitute an asterisk (*) for any value, as in the following
examples, where 443 is a port, www.mycompany.com is a host, HTTP is
a protocol, and .hometown.mycompany.com is a target host. You can
add multiple connections, but each additional connection can affect
outbound performance.
Avoid trouble:
- Unless the intention is to set the protocol property through the
JSSEHelper API, the protocol filter should be set to * (as in the
first two examples). See "Dynamic Selection" in Secure communications using Secure Sockets Layer (SSL) for more
information.
- The connection protocols that are used for dynamic outbound SSL
configuration selection, which are illustrated in the preceding examples,
do not correspond to the protocol name of the URL. To use one
of these protocols from a user-written application, programmatic SSL
configuration selection must be implemented.
- Click Add to add the new connection to the set of
SSL configuration connections.
To remove a connection, select it and click Remove.
- Select an SSL configuration from the list.
- Click Get certificate aliases to refresh the certificate
aliases that are contained in the associated key store.
- Choose a certificate alias from the list.
- Click OK and Save.
Results
WebSphere Application Server is ready to
connect one or more SSL configurations to one or more remote secure
endpoints.
What to do next
You can return to the outbound tree and select another management
scope to associate with the same or a new outbound configuration.
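
A lint for the connection information entries described in the procedure above, as an added example that is not IBM's code: it checks the three-field format, the asterisk wildcard, and the protocol filter advice from the Avoid trouble note. The function names, the sample entries, the port range check, and the `max_entries` threshold are assumptions made for illustration.

```python
import re

# Constructed sample entries (not taken from the product documentation).
SAMPLE_ENTRIES = [
    "*,www.mycompany.com,443",
    "HTTP,.hometown.mycompany.com,*",
    "*,*,*",
    "*,www.mycompany.com",
    "*,https://www.mycompany.com,443x",
]

def lint_connection_info(entry):
    """Return findings for one 'protocol name,target host,target port' entry."""
    fields = [f.strip() for f in entry.split(",")]
    if len(fields) != 3 or "" in fields:
        return ["malformed: expected protocol name,target host,target port"]
    protocol, host, port = fields
    findings = []
    if protocol != "*":
        findings.append("protocol filter is not *: use * unless the protocol "
                        "property is set through the JSSEHelper API")
    if host != "*" and re.search(r"[/\s]", host):
        findings.append("target host must be a host name, not a URL")
    if port != "*" and not (re.fullmatch(r"[0-9]{1,5}", port)
                            and 1 <= int(port) <= 65535):
        findings.append("target port must be * or a number from 1 to 65535")
    if (protocol, host, port) == ("*", "*", "*"):
        findings.append("every field is *: the entry does not narrow the selection")
    return findings

def lint_selection(entries, max_entries=10):
    """Lint a set of connections; max_entries is an arbitrary review threshold."""
    report = {entry: lint_connection_info(entry) for entry in entries}
    seen = set()
    for entry in entries:
        key = tuple(f.strip() for f in entry.split(","))
        if key in seen:
            report[entry] = report[entry] + ["duplicate connection entry"]
        seen.add(key)
    if len(entries) > max_entries:
        # The page notes that each additional connection can affect performance.
        report["(set)"] = ["%d connections: each additional connection can "
                           "affect outbound performance" % len(entries)]
    return report

if __name__ == "__main__":
    for entry, findings in lint_selection(SAMPLE_ENTRIES).items():
        print(entry, "->", findings or "ok")
```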