Setup Client Application File

  1. Create an SSL properties file. Download one of the two templates from the IBM website's ssl.client.props client configuration file template that matches the JDK used by the Websphere server where LSF is deployed.
  2. Update the following properties:
    Property Description
    com.ibm.ssl.keyStore Keystore to use
    com.ibm.ssl.keyStorePassword Password of the keystore
    com.ibm.ssl.trustStore Truststore to use
    com.ibm.ssl.trustStorePassword Password of the truststore
    com.ibm.ssl.enableSignerExchangePrompt

    There are two recommended value for this property:

    true - This enables the signer exchange prompt on the console

    gui - This enables the signer exchange prompt GUI
  3. To add another SSL configuration, copy com.ibm.ssl.alias to com.ibm.ssl.trustStoreReadOnly at the end of the file.
    Note: It is recommended to name this file, ssl.conf.props.
  4. Create Security properties file and name this file as sas.conf.file.
  5. Transfer the server’s signer certificates to the client’s trust store using the SaveCertificate tool. Use the parameters below as your reference to signer certificate values.
    -classpath [dependency folder]

    A parameter to specify the directory containing the JAR dependencies.

    -sslConfFile [config file]

    A parameter to provide the URL of the SSL configuration file that will be used by the Websphere API.

    -sasConfFile [config file]

    A parameter to provide the URL of the security configuration file that will be used by the Websphere API.

    -directIOSConfFile [config file]

    Option to specify the configuration file that will be used to set up the LSFClientFactory object.

    -serverName [server name]

    Option to provide a list of comma-separated list of server name/s to be used as IIOP Host.

    -port [port]

    Option to provide a list of comma-separated list of port/s to be used as IIOP port.

  6. Add the following configurations on the standalone client:
    Entity Value
    VM Arguments

    -Dcom.ibm.SSL.ConfigURL=<SSL Properties File>

    -Dcom.ibm.CORBA.ConfigURL=<Security Properties File>

    Run-Time Dependencies

    Ibmpkcs.jar

    This .jar can be located at %Websphere_DIRECTORY%\AppServer\java\jre\lib\