Configuring SSL for Policy Manager Requests
To configure the management agent to accept secure connections from Policy Manager, do these tasks:
 
Task A Configure management agent to accept SSL requests
When this parameter is enabled, the management agent accepts only HTTPS connections from Policy Manager.
Task B Arrange WebSphere identity keystore
Arrange the WebSphere application server’s identity (certificate with private key) in the application server’s keystore file. For instructions, see WebSphere Application Server documentation.
The management agent inherits this identity from the application server.
Task C Arrange Policy Manager truststore
1.
2.
3.
 
    java.property.javax.net.ssl.trustStore=truststoreLocation
    java.property.javax.net.ssl.trustStorePassword=truststorePW
    java.property.javax.net.ssl.trustStoreType=truststoreType
a. Create a truststore containing the public certificate of the WebSphere application server. The truststore file must be accessible from the Policy Manager host.
b. Modify the file startPolicyMgr.tra by adding the three properties above, to specify the new truststore.
Task D Arrange Policy Manager keystore for client authentication
If the WebSphere application server requires client authentication from SSL clients, then you must also ensure proper configuration of Policy Manager’s identity (certificate with private key) in Policy Manager’s keystore.
1.
2.
 
    java.property.javax.net.ssl.keyStore=keystoreLocation
    java.property.javax.net.ssl.keyStorePassword=keystorePW
    java.property.javax.net.ssl.keyStoreType=keystoreType
 
If the file startPolicyMgr.tra does specify an identity keystore, verify that the keystore meets the requirements listed in the table (below), and then stop (do not complete the remaining steps).
If the file startPolicyMgr.tra does not specify an identity keystore, then do the remaining steps.
3. Create an identity keystore containing the Policy Manager’s (central services) identity (certificate with private key). Ensure that the keystore meets the requirements in Table 7 (below).
4. Modify the file startPolicyMgr.tra by adding the three properties above, to specify the new keystore.
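The decision in Task D (does startPolicyMgr.tra already specify an identity keystore?) and the matching truststore check for Task C can be scripted. The following shell functions are an added example, not part of the product or its documentation; the function names and the sample file contents, paths and passwords are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a .tra file already specifies a store,
# i.e. whether Task C / Task D still require creating one.

# tra_store_status FILE KIND   (KIND is trustStore or keyStore)
# Prints: complete (all three properties set), partial, or absent.
# Property values, including passwords, are never printed.
tra_store_status() {
    file=$1; kind=$2; found=0
    prefix='java\.property\.javax\.net\.ssl\.'
    for suffix in "" Password Type; do
        # Count only lines that start with the property name and give a value;
        # a line with anything else in front of the name does not count.
        if grep -Eq "^[[:space:]]*${prefix}${kind}${suffix}[[:space:]]*=[[:space:]]*[^[:space:]]" "$file"; then
            found=$((found + 1))
        fi
    done
    case $found in
        3) echo complete ;;
        0) echo absent ;;
        *) echo partial ;;
    esac
}

# tra_store_path FILE KIND: print the configured store location, if any.
tra_store_path() {
    sed -n "s/^[[:space:]]*java\.property\.javax\.net\.ssl\.$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Constructed sample input: truststore fully set, keystore type not set.
sample=$(mktemp)
cat > "$sample" <<'EOF'
java.property.javax.net.ssl.trustStore=/opt/pm/certs/was-trust.jks
java.property.javax.net.ssl.trustStorePassword=changeit
java.property.javax.net.ssl.trustStoreType=JKS
java.property.javax.net.ssl.keyStore=/opt/pm/certs/pm-identity.jks
java.property.javax.net.ssl.keyStorePassword=changeit
#java.property.javax.net.ssl.keyStoreType=JKS
EOF

for k in trustStore keyStore; do
    echo "$k: $(tra_store_status "$sample" "$k") $(tra_store_path "$sample" "$k")"
done
```

A result of partial means one or two of the three properties are missing, so the store is not fully specified and the file needs correcting before Policy Manager is restarted.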
Task E Arrange WebSphere truststore for client authentication
If the WebSphere application server requires client authentication from SSL clients, then you must also arrange Policy Manager’s public certificate in the WebSphere application server’s truststore. For instructions, see WebSphere Application Server documentation.