Securing communications with Liberty

You can configure the Liberty server to provide secure communications between a client and the server.

About this task

Communications are secured with the Secure Sockets Layer (SSL) protocol. SSL provides transport layer security, including authenticity, data signing, and data encryption, to ensure a secure connection between a client and a WebSphere® Application Server server. The foundation technology for SSL is public key cryptography, which guarantees that when an entity encrypts data with a public key, only entities that hold the corresponding private key can decrypt that data. The Liberty server uses Java™ Secure Sockets Extension (JSSE) as the SSL implementation for secure connections. JSSE handles the handshake negotiation and the protection capabilities that SSL provides, so that secure connectivity exists across most protocols. JSSE relies on X.509 certificate-based asymmetric key pairs to protect the connection and for some data encryption: the key pairs effectively encrypt the session-based secret keys, and those secret keys encrypt the larger blocks of data. The SSL implementation manages the X.509 certificates.

To configure secure communications, you can either specify a minimal SSL configuration or a detailed SSL configuration in the server.xml file. The minimal configuration only requires the SSL feature and a keystore entry to be specified. There are several security configuration examples on the Open Liberty website for reference when configuring security for your applications on Liberty.

The SSL configuration that is designated as the default SSL configuration is used to create the process's default SSLContext by using the SSLContext.setDefault() method. The default SSL configuration can be the minimal SSL configuration or, if multiple SSL configurations are defined, the configuration that is identified by the sslRef attribute on the sslDefault element. Because the default SSLContext is set on the process, the javax.net.ssl.keyStore and javax.net.ssl.trustStore system properties are not recognized; key and trust material must come from the server.xml configuration instead.
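The following server.xml fragment is an added example, not configuration from the original page; it places the minimal configuration (the ssl-1.0 feature plus one keystore entry) beside a detailed configuration that separates the key and trust stores and selects the default via sslDefault. The ids, file locations and passwords are placeholders.

```xml
<server description="SSL configuration example (added, placeholder values)">
    <featureManager>
        <feature>ssl-1.0</feature>
    </featureManager>

    <!-- Minimal configuration: the ssl-1.0 feature plus a keystore entry.
         A keyStore with id="defaultKeyStore" is picked up as the default. -->
    <keyStore id="defaultKeyStore" password="PLACEHOLDER_PASSWORD" />

    <!-- Detailed configuration: separate key and trust stores bound to a
         named ssl element. Locations and passwords are placeholders. -->
    <keyStore id="appKeyStore"
              location="${server.config.dir}/resources/security/app-key.p12"
              type="PKCS12" password="PLACEHOLDER_PASSWORD" />
    <keyStore id="appTrustStore"
              location="${server.config.dir}/resources/security/app-trust.p12"
              type="PKCS12" password="PLACEHOLDER_PASSWORD" />

    <!-- The trust store holds only the CAs this server should accept;
         sslProtocol pins the protocol version used for this context. -->
    <ssl id="appSSLConfig"
         keyStoreRef="appKeyStore"
         trustStoreRef="appTrustStore"
         sslProtocol="TLSv1.2" />

    <!-- With more than one ssl element defined, sslDefault names the one
         that becomes the process-wide default SSLContext; the
         javax.net.ssl.keyStore/trustStore system properties are ignored. -->
    <sslDefault sslRef="appSSLConfig" />
</server>
```

Because the default SSLContext is taken from the sslDefault selection, a trust store configured only through JVM system properties is silently not consulted, which is worth checking when a client connection unexpectedly fails certificate validation.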