By using this configuration, you can configure a different
transport for inbound security versus outbound security.
Before you begin
Outbound transport refers to the transport that is
used to connect to a downstream server. When you configure the outbound
transport, consider the transports that the downstream servers support.
If you are considering Secure Sockets Layer (SSL), also consider including
the signers of the downstream servers in this server's truststore file
so that the handshake succeeds. When you select an SSL configuration,
that configuration points to keystore and truststore keyrings and to
keystore and truststore files that contain the necessary signers.
If you configured client
certificate authentication for this server by completing the following
steps, then the downstream servers contain the signer certificate
belonging to the server personal certificate:
- Click Security > Global security.
- Under RMI/IIOP security, click CSIv2 outbound communications.
About this task
Complete the following steps to configure the outbound transport
panels.
Procedure
- Select the type of transport and the SSL settings by clicking .
Under RMI/IIOP security, click CSIv2
outbound communications. By selecting the type of transport,
you choose the transport to use when connecting to downstream servers.
The downstream servers support the transport that you choose. If you
choose SSL-Supported, the transport that is
used is negotiated during the connection. If both the client and server
support SSL, always select the SSL-Supported option
unless the request is considered a special request that does not require
SSL, such as an object request broker (ORB) request.
- Select the SSL required option if
you want to use Secure Sockets Layer communications with the outbound
transport.
If you select the SSL required option or the SSL-Supported option,
you can select either the Centrally managed or Use specific SSL alias
option.
- Centrally managed: Enables you to specify an SSL configuration for a particular scope
such as the cell, node, server, or cluster in one location. To use
the Centrally managed option, you must specify
the SSL configuration for the particular set of endpoints. The Manage
endpoint security configurations and trust zones panel displays all
of the inbound and outbound endpoints that use the SSL protocol. If
you expand the Inbound or Outbound section of the panel and click
the name of a node, you can specify an SSL configuration that is used
for every endpoint on that node. For an outbound transport, you can
override the inherited SSL configuration by specifying an SSL configuration
for a particular endpoint. To specify an SSL configuration for an
outbound transport, click and
expand Outbound.
- Use specific SSL alias: Select the Use specific SSL alias option
if you intend to select one of the SSL configurations in the menu
under the option.
The default is DefaultSSLSettings.
To modify or create a new SSL configuration, complete the steps described
in Creating a Secure Sockets Layer configuration.
- Click Apply.
Results
The outbound transport configuration is complete. With this
configuration, you can configure a different transport for inbound
security versus outbound security. For example, if the application
server is the first server that is used by users, the security configuration
might be more secure. When requests go to back-end enterprise beans
servers, you might consider less security for performance reasons
when you go outbound. With this flexibility you can design a transport
infrastructure that meets your needs.
What to do next
When you finish configuring security, perform the following
steps to save, synchronize, and restart the servers.
- Click Save in the administrative console
to save any modifications to the configuration.
- Synchronize the configuration
with all node agents.
- After synchronization, stop and restart all servers.