Sun Java System Access Manager 7 2005Q4 Administration Guide

Configuring AMSDK with a Secure IBM WebSphere Application Server

The IBM WebSphere Server must first be installed and configured as a web container before you configure it with the AMSDK in SSL. For installation instructions, see the WebSphere server documentation. To configure WebLogic as a web container for Access Manager, see Chapter 1, Access Manager 7 2005Q4 Configuration Scripts.

Procedure: To Configure a Secure WebSphere Instance

  1. Start ikeyman.sh, located in the WebSphere /bin directory.

  2. From the Signer menu, import the certification authority’s (CA) certificate.

  3. From the Personal Certs menu, generate the CSR.

  4. Retrieve the certificate created in the previous step.

  5. Select Personal Certificates and import the server certificate.

  6. From the WebSphere console, change the default SSL settings and select the ciphers.

  7. Set the default IBM JSSE SSL provider.

  8. Enter the following command to import the Root CA certificate from the file you just created into the application server's JVM keystore:


    $ appserver_root-dir/java/bin/keytool -import -trustcacerts -alias cmscacert \
        -keystore ../jre/lib/security/cacerts \
        -file /full_path_cacert_filename.txt

    appserver_root-dir is the root directory for the application server and full_path_cacert_filename.txt is the full path to the file containing the certificate.

  9. In Access Manager, update the following parameters in AMConfig.properties to use JSSE:


    com.sun.identity.jss.donotInstallAtHighestPriority=true
    com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.am.util.SecureRandomFactoryImpl
    com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory.JSSESocketFactory
    com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption

  10. Configure Access Manager in SSL Mode. For more information, see Configuring Access Manager in SSL Mode.
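
A misspelled key in AMConfig.properties is ignored without any error, so it is worth checking the file after step 9. The script below is an added example, not part of the original guide or the product: the function names are hypothetical, and the four expected settings sit in EXPECTED_JSSE_PROPS, spelled SSLSocketFactoryImpl, encryptor and services.util as Access Manager is assumed to read them. It handles plain key=value lines only.

```shell
#!/bin/sh
# Added example: verify the JSSE settings from step 9 in AMConfig.properties.
# Usage (after sourcing this file): check_jsse_props /path/to/AMConfig.properties

# Expected key=value pairs, one per line (assumed correct spellings).
EXPECTED_JSSE_PROPS='com.sun.identity.jss.donotInstallAtHighestPriority=true
com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.am.util.SecureRandomFactoryImpl
com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory.JSSESocketFactory
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption'

# prop_value FILE KEY: print the effective value of KEY. The last assignment
# wins, as in java.util.Properties; comment lines are skipped.
# Exit status 1 if KEY is never assigned.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/\r$/, "", line)            # tolerate CRLF line endings
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { found = 1; val = v }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# check_jsse_props FILE: print one line per missing or mismatched setting and
# return the number of problems (0 means all four settings are in place).
check_jsse_props() {
    problems=0
    while IFS= read -r pair; do
        key=${pair%%=*}; want=${pair#*=}
        if got=$(prop_value "$1" "$key"); then
            if [ "$got" != "$want" ]; then
                echo "MISMATCH $key: found '$got', expected '$want'"
                problems=$((problems + 1))
            fi
        else
            echo "MISSING  $key"
            problems=$((problems + 1))
        fi
    done <<EOF
$EXPECTED_JSSE_PROPS
EOF
    return "$problems"
}
```

A MISSING line for a key that appears to be in the file usually means the key is misspelled there.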