Configure SSL Settings
To configure SSL, set the following in your jython file:
#---------------------------------------------------
# SSL: Install SSL config by setting the following
# parameter to true
#---------------------------------------------------
installSSL = "true"
Configuring key and trust stores
#---------------------------------------------------
# SSL Key Store:
# If empty an empty keystore is created
# If populated with a private key, the key
# defined by sslServerKeyAlias is imported
#---------------------------------------------------
sslKeyStoreName = "@@clusterName@@_keyfile"
sslKeyStoreLocation = "@@wasDmHome@@/etc/@@clusterName@@_keyfile.jks"
sslKeyStoreType = "JKS"
sslKeyStorePassword = "password"
#---------------------------------------------------
# SSL Trust store:
# If empty an empty truststore is created
# If populated with a public key, the key
# defined by sslClientKeyAlias is imported
#---------------------------------------------------
sslTrustStoreName = "@@clusterName@@_trustfile"
sslTrustStoreLocation = "@@wasDmHome@@/etc/@@clusterName@@_trustfile.jks"
sslTrustStoreType = "JKS"
sslTrustStorePassword = "password"
Key and trust store scopes
#---------------------------------------------------
# SSL Scope: Scope for these SSL settings.
#
# Scope examples:
# CELL: (cell):wastst04Network
# CLUSTER: (cell):wastst04Network:(cluster):T2VMServerSysTst00
# ENDPOINT: (cell):wastst04Network:(node):p09503gens03:(server):T2VMServerSysTst00:(endpoint):WC_defaulthost_secure
#---------------------------------------------------
sslKeyStoreScopeName = "(cell):@@cellName@@"
sslConfigScopeName = "(cell):@@cellName@@"
SSL Configuration Alias
#---------------------------------------------------
# SSL: Config alias
#
#---------------------------------------------------
sslConfigAlias = "RDDefaultSettings"
sslClientKeyAlias = "rdserverkey"
sslServerKeyAlias = "rdserverkey"
sslCertAlias = "rdserverkey"
sslSignerCertAlias = "rdserverct"
For multiple SSL configurations
#---------------------------------------------------
# - The alias is mandatory.
# - The default assignations are as shown.
# > The value in the comment is the default value.
#
# * Increment "_1" for multiple creation.
#---------------------------------------------------
sslConfigAlias_1
sslKeyManagerName_1 = sslKeyManagerName # = "IbmX509"
sslClientKeyAlias_1 = sslClientKeyAlias # = "glsiserverprod"
sslServerKeyAlias_1 = sslServerKeyAlias # = "glsiserverprod"
sslClientAuth_1 = sslClientAuth # = "false"
sslProtocol_1 = sslProtocol # = "SSL_TLS"
sslSecurityLevel_1 = sslSecurityLevel # = "HIGH"
sslCiphers_1 = sslCiphers # = "SSL_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_AES_128_CBC_SHA SSL_DHE_RSA_WITH_AES_128_CBC_SHA SSL_DHE_DSS_WITH_AES_128_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_MD5"
sslConfigScopeName_1 = sslConfigScopeName
Dynamic outbound SSL configuration
#---------------------------------------------------
# SSL: Dynamic configuration for outbound web
# services calls
#---------------------------------------------------
installSSLDynamicConfig = "true"
sslDynamicConfigSelectionName = "DEFAULTSSLOutbound"
sslDynamicConfigDescription = "Outbound Config"
sslDynamicConfigInfo = "SOAP,mvcloud04,1099"
installSSLConfigGroups = "true"
For multiple Dynamic outbound SSL configurations
#---------------------------------------------------
# - The selection name is mandatory.
# - The default assignations are as shown.
# > The value in the comment is the default value.
#
# * Increment "_1" for multiple creation.
#---------------------------------------------------
dynSSLConfigSelectionName_1
dynSSLConfigScopeName_1 = sslConfigScopeName
dynSSLConfigSelectionDescription_1 = sslDynamicConfigDescription # = "Outbound Config"
dynSSLConfigSelectionInfo_1 = sslDynamicConfigInfo # = "SOAP,mvmdev04,1099"
dynSSLConfigSSLConfigAlias_1 = sslConfigAlias # "RDDefaultSettings"
dynSSLConfigSSLConfigScope_1 = sslConfigScopeName
dynSSLConfigCertAlias_1 = sslCertAlias
Configuring SSL Certificates
#---------------------------------------------------
# SSL Additional Certificates (public/private).
# These will be imported from the specified files into
# the sslTrustStoreName sslKeyStoreName respectively.
#---------------------------------------------------
# Import Public keys to the trust store (will be imported into sslTrustStoreName)
sslSignerCertFilePath_1 = "@@wasDmHome@@/etc/cert_@@cellName@@_@@clusterName@@"
sslSignerCertAlias_1 = "rdserverct"
# Import trusted certificates to the trust store (will be imported into sslTrustStoreName)
sslTrustedCertFilePath_1 = "@@wasDmHome@@/etc/trusted_cert_@@cellName@@_@@clusterName@@"
sslTrustedCertAlias_1 = "trustedCertAlias"
# Import signed certificates (will be imported into sslKeyStoreName)
sslSignedCertReqFilePath_1 = "@@wasDmHome@@/etc/signed_cert_@@cellName@@_@@clusterName@@"
sslSignedCertReqAlias_1 = "signedCertRequestAlias"
# Import (additional) certificates (private keys) that this server will use (will be imported into sslKeyStoreName)
sslAddCertFilePath_1 = @wasDmHome@@/etc/private_cert_@@cellName@@_@@clusterName@@"
sslAddCertAlias_1 = "privateCertRequestAlias"
sslAddCertFilePassword_1 = "password"
sslAddCertFileType_1 = ""