Lesson 3.2: Add SSL properties to the catalog server properties file

The catalog server is running outside of WebSphere® Application Server, so you must configure the SSL properties in the server properties file.

About this task

Another reason to configure the SSL properties in the server properties file is that the catalog server has its own proprietary transport paths, which cannot be managed by the WebSphere Application Server Common Secure Interoperability Protocol Version 2 (CSIV2) transport settings. Therefore, you must configure the Secure Sockets Layer (SSL) properties in the server properties file for the catalog server.

SSL properties in the catServer3.props file

alias=default
contextProvider=IBMJSSE2
protocol=SSL
keyStoreType=PKCS12
keyStore=/was_root/IBM/WebSphere/AppServer/profiles/<deployment_manager_name>/config/cells/<cell_name>/nodes/<node_name>/key.p12
keyStorePassword=WebAS
trustStoreType=PKCS12
trustStore=/was_root/IBM/WebSphere/AppServer/profiles/<deployment_manager_name>/config/cells/<cell_name>/nodes/<node_name>/trust.p12
trustStorePassword=WebAS
clientAuthentication=false

The catServer3.props file uses the default WebSphere Application Server node-level keystore and truststore. If you are deploying a more complex deployment environment, you must choose the correct keystore and truststore. In some cases, you must create a keystore and truststore and import the keys from the keystores of the other servers. Notice that the WebAS string is the default password of the WebSphere Application Server keystore and truststore.

These entries are already included in the samples_home/security_extauth/catServer3.props file as comments. You can uncomment the entries and make the appropriate updates for your installation to the was_root, <deployment_manager_name>, <cell_name>, and <node_name> variables.

After configuring the SSL properties, change the transportType property value from TCP/IP to SSL-Required.

SSL properties in the client3.props file

You must also configure the SSL properties in the client3.props file because this file is used when you stop the catalog server that is running outside of WebSphere Application Server.

These properties have no effect on the client servers that are running in WebSphere Application Server because they are using the WebSphere Application Server Common Secure Interoperability Protocol Version 2 (CSIV2) transport settings. However, when you stop the catalog server, you must provide a client properties file on the stopOgServer command. Set the following properties in the <SAMPLES_HOME>/security_extauth/client3.props file to match the values specified above in the catServer3.props file:

#contextProvider=IBMJSSE2
#protocol=SSL
#keyStoreType=PKCS12
#keyStore=/was_root/IBM/WebSphere/AppServer/profiles/<deployment_manager_name>/config/cells/<cell_name>/nodes/<node_name>/key.p12
#keyStorePassword=WebAS
#trustStoreType=PKCS12
#trustStore=/was_root/IBM/WebSphere/AppServer/profiles/<deployment_manager_name>/config/cells/<cell_name>/nodes/<node_name>/trust.p12
#trustStorePassword=WebAS

As with the catServer3.props file, you can use the comments that are already provided in the samples_home/security_extauth/client3.props file, with appropriate updates to the was_root, <deployment_manager_name>, <cell_name>, and <node_name> variables to match your environment.
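
The following check is an added example, not part of the product samples: it audits the two files from this lesson for entries that are still commented out, unresolved placeholders, a transportType other than SSL-Required, the default WebAS password, and client values that do not match the server. The function names, the simplified key=value parsing, and the sample paths are assumptions made for the example.

```python
import re
SSL_KEYS = ["contextProvider", "protocol", "keyStoreType", "keyStore",
            "keyStorePassword", "trustStoreType", "trustStore", "trustStorePassword"]

def parse_props(text):
    """Parse key=value lines; '#' and '!' lines are comments (simplified .properties)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(server_text, client_text):
    """Return a list of findings for catServer3.props and client3.props contents."""
    server, client = parse_props(server_text), parse_props(client_text)
    findings = []
    if server.get("transportType") != "SSL-Required":
        findings.append("server: transportType is not SSL-Required")
    for key in SSL_KEYS:
        value = server.get(key)
        if value is None:
            findings.append(f"server: {key} is missing or still commented out")
            continue
        if key.endswith("Store") and re.search(r"<[^>]+>|was_root", value):
            findings.append(f"server: {key} still contains a placeholder")
        if key.endswith("Password") and value == "WebAS":
            findings.append(f"server: {key} is the default WebAS password")
        if client.get(key) != value:
            findings.append(f"client: {key} does not match the server value")
    return findings

# Constructed sample input (paths are made up for the example).
SERVER = """\
transportType=TCP/IP
contextProvider=IBMJSSE2
protocol=SSL
keyStoreType=PKCS12
keyStore=/opt/IBM/WebSphere/AppServer/profiles/<deployment_manager_name>/config/key.p12
keyStorePassword=WebAS
trustStoreType=PKCS12
#trustStore=/opt/IBM/WebSphere/AppServer/profiles/dmgr01/config/trust.p12
trustStorePassword=WebAS
"""
CLIENT = SERVER.replace("protocol=SSL", "#protocol=SSL")
if __name__ == "__main__":
    print("\n".join(audit(SERVER, CLIENT)))
```

An empty result means every SSL property is active, fully resolved, and identical in both files.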

Lesson checkpoint

You configured the SSL properties for the catalog server.