Tuesday, 20 August 2013

Configure mutual auth (2-way SSL) on specific WebSphere transports



In this example I've set up 2-way SSL (the server *requires* a client certificate) on the inbound WC_defaulthost_secure transport of every AppTarget and WebApp cluster member, using a new cell-scoped SSL configuration called MutualAuthSSLSettings. Run it with wsadmin in Jython mode (`wsadmin -lang jython -f <script>`).

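#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Add MutualAuthSSLSettings at Cell level with client auth = required
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# wsadmin/Jython script. AdminConfig and AdminTask are injected by wsadmin,
# so this only runs under `wsadmin -lang jython -f <script>`.
# Kept compatible with the Jython 2.1 shipped as wsadmin's default
# interpreter: no True/False builtins, no `substr in str`, and `print`
# used as a statement with a single parenthesised argument.

# Alias of the cell-scoped SSL configuration created below.
SSL_CONFIG_ALIAS = 'MutualAuthSSLSettings'
# Server-name substrings that select the cluster members to reconfigure
# (substring match, so e.g. "WebAppTest1" would also be selected).
SERVER_NAME_FILTERS = ['AppTarget', 'WebApp']
# Inbound endpoint on each selected server that is switched to mutual auth.
ENDPOINT_NAME = 'WC_defaulthost_secure'

cell = AdminConfig.list('Cell')
cellName = AdminConfig.showAttribute(cell, 'name')
# Scope string reused by every AdminTask call below.
cellScope = '(cell):' + cellName

print("Creating new SSLConfiguration at Cell scope with name of " + SSL_CONFIG_ALIAS)
AdminTask.createSSLConfig('[-alias ' + SSL_CONFIG_ALIAS + ' -type JSSE -scopeName ' + cellScope
                          + ' -keyStoreName CellDefaultKeyStore -keyStoreScopeName ' + cellScope
                          + ' -trustStoreName CellDefaultTrustStore -trustStoreScopeName ' + cellScope
                          + ' -serverKeyAlias default -clientKeyAlias default ]')

print("Setting " + SSL_CONFIG_ALIAS + " for client auth = 'required'")
# -clientAuthentication true makes a client certificate *required* (the
# "supported" variant is a different flag). The trust store named here is
# what presented client certificates are validated against, so it must be
# the cell trust store: the original passed CellDefaultKeyStore on this call
# while the create call above used CellDefaultTrustStore, which silently
# changed which signers are accepted for client certificates.
# NOTE(review): -sslProtocol SSL_TLS is the permissive setting; on the IBM
# JSSE2 provider it historically allowed SSLv3 as well as TLSv1. Prefer a
# TLS-only value (e.g. TLSv1.2) where the clients support it -- confirm
# against your runtime level before changing it.
AdminTask.modifySSLConfig('[-alias ' + SSL_CONFIG_ALIAS + ' -scopeName ' + cellScope
                          + ' -keyStoreName CellDefaultKeyStore -keyStoreScopeName ' + cellScope
                          + ' -trustStoreName CellDefaultTrustStore -trustStoreScopeName ' + cellScope
                          + ' -jsseProvider IBMJSSE2 -sslProtocol SSL_TLS -clientAuthentication true'
                          + ' -securityLevel HIGH -enabledCiphers ]')


def _wants_mutual_auth(serverName):
    """Return 1 if serverName contains any SERVER_NAME_FILTERS entry, else 0."""
    for marker in SERVER_NAME_FILTERS:
        if serverName.find(marker) != -1:
            return 1
    return 0


#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Now iterate around each server and set WC_defaulthost_secure
# inbound on the selected servers to use the new MutualAuthSSLSettings
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
for node in AdminConfig.list('Node').splitlines():
    nodeName = AdminConfig.showAttribute(node, 'name')
    for server in AdminConfig.list('Server', node).splitlines():
        serverName = AdminConfig.showAttribute(server, 'name')
        if not _wants_mutual_auth(serverName):
            continue
        print("Setting " + serverName + " " + ENDPOINT_NAME + " inbound to use " + SSL_CONFIG_ALIAS)
        endpointScope = (cellScope + ':(node):' + nodeName + ':(server):' + serverName
                         + ':(endpoint):' + ENDPOINT_NAME)
        # createSSLConfigGroup is a create, not an upsert: a second run against
        # an endpoint that already has a group fails; use modifySSLConfigGroup
        # to change an existing one.
        AdminTask.createSSLConfigGroup('[-name ' + ENDPOINT_NAME + ' -scopeName ' + endpointScope
                                       + ' -direction inbound -certificateAlias default'
                                       + ' -sslConfigAliasName ' + SSL_CONFIG_ALIAS
                                       + ' -sslConfigScopeName ' + cellScope + ' ]')
    print("")

# Persist the workspace changes: a wsadmin -f run that exits without save()
# discards everything above. In a network-deployment cell the nodes still
# need a sync (and the servers a restart) before the transports pick this up.
AdminConfig.save()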
