You can create a custom trust manager configuration at
any management scope and associate the new trust manager with a Secure
Sockets Layer (SSL) configuration.
About this task
Complete the following steps in the administrative console:
Procedure
- Decide whether you want to create the custom trust manager
at the cell scope or below the cell scope at the node, server, or
cluster, for example.
Important: When you create
a custom trust manager at a level below the cell scope, you can associate
it only with a Secure Sockets Layer (SSL) configuration at the same
scope or higher. An SSL configuration at a scope lower than the
trust manager does not see the trust manager configuration.
- To create a custom trust manager at the cell scope, click Security >
SSL certificate and key management > Trust managers. Every SSL
configuration in the cell can select the trust manager at the cell
scope.
- To create a custom trust manager at a scope below the cell
level, click Security > SSL certificate and key management > Manage
endpoint security configurations > {Inbound | Outbound} > ssl_configuration >
Trust managers.
- Click New to create a new custom trust manager.
- Type a unique trust manager name.
- Select the Custom implementation setting.
The
custom setting enables you to define a Java class
with an implementation of the javax.net.ssl.X509TrustManager Java interface and, optionally, the com.ibm.wsspi.ssl.TrustManagerExtendedInfo WebSphere Application Server interface.
Note: The
standard implementation setting applies only when the trust manager
is already defined in the Java security
provider list as a provider and an algorithm, which is not the case
for a custom trust manager.
- Type a class name, for example, com.ibm.test.CustomTrustManager.
- Select one of the following actions:
- Click Apply, then click Custom properties under
Additional Properties to add custom properties to the new custom trust
manager. When you are finished adding custom properties, click OK and Save,
then go to the next step.
- Click OK and Save, then go to the next step.
- Click SSL certificate and key management in the
page navigation.
- Select one of the following actions:
- Click SSL configurations under Related Items for a
cell-scoped SSL configuration.
- Click Manage endpoint security configurations to select
an SSL configuration at a lower scope.
- Click the link for the existing SSL configuration that you want to associate with the new
custom trust manager.
- Click Trust and Key managers under Additional Properties.
If the new custom trust manager is not listed in the Additional
ordered trust managers list, verify that you selected an SSL configuration
scope that is at the same level or below the scope that you selected
in Step 8.
- Click Add.
This action adds the new trust
manager to the list of custom trust managers.
- Click OK and Save.
Results
You have created a custom trust manager configuration that
references a JAR file in the install directory of WebSphere Application
Server and associates it with an SSL configuration during the connection
handshake.
What to do next
You can create a custom trust manager for a pure client. For more information, see the
TrustManagerCommands command group for the AdminTask
object topic.