Configure runtime security services for client certificate
authentication used for authentication between WebSEAL and the Security
Access Manager for Mobile appliance interface.
About this task
The provided steps are specific to Security Web Gateway Appliance
version 7.0, but can be applied on the IBM Security Access Manager
version 7.0 software product (WebSEAL).
Procedure
- Create a client certificate for user easusercert.
- In the local management interface, go to .
- Select the pdsrv certificate database.
- Click .
- Click Personal Certificates.
- Click New to create a new personal certificate.
- Provide the following information:
- Certificate Label: easusercert
- Certificate Distinguished Name: cn=easuser
- Key Size: 2048
- Expiration Time (in days): 365
- Click Save.
- Deploy pending changes. See Deploying pending changes.
- Restart your reverse proxy instances.
- Export the client certificate.
- Select the pdsrv certificate database.
- Click .
- Click Personal Certificates.
- Select the easusercert certificate you
created.
- Click .
- Save the file.
- Import the exported personal certificate as a signer certificate
on the appliance. The signer of the client certificate needs to be
trusted. The certificate is self-signed. Importing the easusercert as
a signer certificate into the appliances allows that trust.
- Click .
- Select the rt_profiles_keys certificate
database.
- Click .
- Click Signer Certificates.
- Click .
- Click Browse.
- Browse to the directory that contains the file to be imported
and select the file. Click Open.
- Click Import. A message that indicates
successful import is displayed.
- Deploy pending changes. See Deploying pending changes.
- Configure the appliance for client certificate authentication.
- In the local management interface, go to .
- Select Accept Client Certificates.
- Click Edit and set the value as True.
- Restart the runtime.
What to do next
Run the
isamcfg tool and select
Certificate
authentication as the method of authentication between
WebSEAL and the Security Access Manager for Mobile appliance interface.
For more information, see
isamcfg Security Access Manager appliance configuration worksheet.