SSL certificate and key management

Specifies the following administrative console tasks:

• Manage endpoint security configurations
• Manage certificate expiration

Specifies the Federal Information Processing Standard (FIPS)-compliant Java™ cryptography engine is enabled.

• Does not affect the SSL cryptography that is performed by the application server for z/OS® System Secure Sockets Layer (SSSL).
• Does not change the JSSE provider if this cell includes any Application Server versions before the application server for z/OS Version 6.0.x.

When you select the Use the Federal Information Processing Standard (FIPS) option, the Lightweight Third Party Authentication (LTPA) implementation uses IBMJCEFIPS. IBMJCEFIPS supports the Federal Information Processing Standard (FIPS)-approved cryptographic algorithms for Data Encryption Standard (DES), Triple DES, and Advanced Encryption Standard (AES). Although the LTPA keys are backwards compatible with prior releases of the application server, the LTPA token is not compatible with prior releases. In prior releases, the application server did not generate the LTPA token using a FIPS-approved algorithm.

The IBMJSSE2 JSSE provider does not perform cryptographic functions directly, and therefore does not need to be FIPS-approved. Instead, the IBMJSSE2 JSSE provider uses the JCE framework for cryptographic functions and uses IBMJCEFIPS when FIPS mode is enabled.

Important: . However, the IBMJSSE2 provider, which uses IBMJCEFIPS, is supported on the HP-UX platform.

Specifies that all of the SSL-related attributes and LTPA keys that change must be read from the configuration dynamically after they have been saved, then reused for new connections. To avoid customer impact, it is recommended that changes to production servers be made during off-peak periods.

When this option is selected, the configuration is updated each time you configure an SSL communication.