The bcgssl.jacl script does not work for the Simple Distributed and Full Distributed modes. The keystore and truststore need to be configured manually.
An enhancement to the bcgssl.jacl script is required.
Resolving the problem
The keystore and truststore must be set manually in the Distributed and Full Distributed topology. The bcgssl.jacl script sets the keystore and truststore as the NodeDefaultKeyStore and NodeDefaultTrustStore. A new keystore and truststore can be set for the node as follows, using the WAS Admin Console:
- Create a keystore in the WAS Admin Console. Refer to the subsection "Creating a keystore configuration" in the WAS documentation section "Securing applications and their environment". The keystore file should be located in the <Deployment Manager installation directory>/wasND/Profiles/bcgdmgr/config/cells/wpgCell/nodes/<node_name>/ directory.
- Create a truststore. Refer to the subsection "Creating a keystore configuration" in the WAS documentation section "Securing applications and their environment". The truststore file should be located in the <Deployment Manager installation directory>/wasND/Profiles/bcgdmgr/config/cells/wpgCell/nodes/<node_name>/ directory.
- In the SSL server configuration NodeDefaultSSLSettings, set keystore and truststore to the keystore and truststore created in the preceding steps. Select the required alias to be used for server authentication in keystore. The SSL server configuration can be found by navigating to Security > SSL Certificate and Key Management > Manage endpoint security configurations > <node> > SSL configurations > NodeDefaultSSLSettings.
- NodeDefaultSSLSettings should be configured for the node. Go to Security > SSL Certificate and Key Management > Manage endpoint security configurations. Click on the node. In the next console page, verify that the checkbox “Override inherited values” is checked and NodeDefaultSSLSettings is selected as the SSL configuration to be used. Click Update certificate aliases list to retrieve the list of aliases and select the required alias in the list “Certificate alias in key store”. Click OK.
- On the next console page, click Save to save to the master configuration.
- Restart the server.
The above steps should configure the new keystore and truststore to be used for SSL connection to the servers running in the node. It is assumed that the SSL configuration at the node level is not overridden at the server level.
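The keystore, truststore and NodeDefaultSSLSettings steps above can also be scripted. The following wsadmin Jython sketch is an added example, not part of bcgssl.jacl or the original technote; the store names, file names and PKCS12 type are assumptions, and it assumes the certificate named by `server_alias` is already in the keystore file.

```python
# Added example: run under wsadmin -lang jython, which provides AdminTask and
# AdminConfig. They are passed in as arguments so the logic can be tested.
# Store names, file names and the PKCS12 type are assumptions, not page values.
KEYSTORE = ("WPGNodeKeyStore", "wpgkey.p12")        # hypothetical names
TRUSTSTORE = ("WPGNodeTrustStore", "wpgtrust.p12")  # hypothetical names


def node_scope(cell, node):
    # Management scope string for node-level security objects.
    return "(cell):%s:(node):%s" % (cell, node)


def node_config_dir(dmgr_root, cell, node):
    # Directory the technote requires for both store files.
    return "%s/wasND/Profiles/bcgdmgr/config/cells/%s/nodes/%s" % (
        dmgr_root, cell, node)


def create_store(AdminTask, store, password, dmgr_root, cell, node):
    # Register one keystore configuration at node scope.
    name, file_name = store
    location = node_config_dir(dmgr_root, cell, node) + "/" + file_name
    AdminTask.createKeyStore([
        "-keyStoreName", name,
        "-keyStoreType", "PKCS12",
        "-keyStoreLocation", location,
        "-keyStorePassword", password,
        "-keyStorePasswordVerify", password,
        "-scopeName", node_scope(cell, node)])
    return location


def configure_node_ssl(AdminTask, AdminConfig, dmgr_root, node, password,
                       server_alias, cell="wpgCell"):
    if not server_alias:
        raise ValueError("a server certificate alias is required")
    scope = node_scope(cell, node)
    for store in (KEYSTORE, TRUSTSTORE):
        create_store(AdminTask, store, password, dmgr_root, cell, node)
    # Point NodeDefaultSSLSettings at the new stores and the chosen alias.
    AdminTask.modifySSLConfig([
        "-alias", "NodeDefaultSSLSettings", "-scopeName", scope,
        "-keyStoreName", KEYSTORE[0], "-keyStoreScopeName", scope,
        "-trustStoreName", TRUSTSTORE[0], "-trustStoreScopeName", scope,
        "-serverKeyAlias", server_alias])
    AdminConfig.save()  # same effect as Save to the master configuration
    return scope
```

The "Override inherited values" check on the node and the server restart are still carried out as described in the steps above.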
|Business Integration|WebSphere Partner Gateway Enterprise Edition|AIX, HP-UX, Linux, Linux iSeries, Linux pSeries, Solaris, Windows|6.1.0|