This PDF is a full example of one of the many PPT theory packs included in the course.
WAS ND 8.0 Administration Essentials is a course available for purchase from the Middleware Shop.
http://www.themiddlewareshop.com
Only $99.95
Contains over 850 pages of How-to guides and over 350 PPT slides. Written by: Steve Robinson
Objectives
In this module the student will be able to understand:
SSL concepts
Configuring SSL between IHS and WAS
General steps involved in configuring SSL for any product
Inbound and outbound SSL configuration in WAS
Outline
Part I - SSL Concepts
Data encryption, Symmetric Cryptography, Asymmetric Cryptography, Message Digests, Authentication, Cipher Suites, SSL Handshake, Digital Certificates, CSR, Key Database
Part II - Configuring SSL between IHS and WAS
Part III - Configuring SSL in WAS
SSL Concepts
Part I
SSL Introduction
SSL stands for Secure Sockets Layer. To secure communication, the following objectives are to be met:
Privacy
Data Integrity
Authentication
Data Encryption
Data can be encrypted and sent to maintain the privacy of a conversation. Encryption is the process of converting plaintext to encrypted data using a key and an algorithm.
[Diagram: the two parties agree on a key and a cipher; plaintext is encrypted with the key into ciphertext, and the ciphertext is decrypted with the key back to plaintext]
Symmetric Cryptography
The same key used for encryption is used to decrypt. The problem is sharing the key with the other party securely. Algorithms: RC4, 3DES.
Asymmetric Cryptography
Private key and public key form a key pair. Data encrypted with one can only be decrypted with the other.
[Diagram: plaintext is encrypted with one key of the pair into ciphertext, and the ciphertext is decrypted with the other key (shown: the private key) back to plaintext]
Message Digests
A message digest is like a fingerprint. If the message digests match, then the data has not been tampered with.
[Diagram: a message digest is generated from the plaintext and sent along with it under encryption; the receiver decrypts, recomputes the digest and compares it with the one received]
Establishing Trust
[Diagram: the client holds a client KeyStore (client cert) and a TrustStore (server cert); the server holds a server KeyStore (server cert) and a TrustStore (client cert)]
1. The client requests a protected resource
2. The server presents its server certificate
Cipher Suites
A cipher suite is a set of algorithms used for completing the initial handshake and performing bulk encryption. Example: SSL_RSA_WITH_RC4_128_MD5, where the name encodes the key-exchange algorithm (RSA), the bulk cipher and key length (RC4, 128-bit) and the message-digest algorithm (MD5).
SSL Handshake
Digital Certificates
A digital certificate can be used to verify an identity. It contains:
Subject (Common Name, Organization etc.)
Public Key
Expiry Date (validity period)
Issuer (CA)
Signature
[Diagram: trust chain, ending at the self-signed digital certificate of a trusted CA like Verisign]
Self-Signed certificate
A certificate not signed by a CA is self-signed. Usually such certificates are not trusted (except the self-signed certificates of trusted CAs).
Key Database
A key database is used to hold the digital certificates and key pairs in a secure manner. The key database is protected by a password. Every entry in the database is accessed through an alias name. Some key database types, like JKS, protect each entry with a separate password.
[Diagram: example key database file Plugin-key.kdb]
The trust database contains the certificates of the CAs that the party is willing to trust
Inbound SSL
Called inbound because WAS acts as the server. An SSL configuration object can be created and then attached at any point in the topology tree. The one attached at the lowest level overrides the others and is used.
But what is a SSL Configuration Object?
Outbound SSL
Here outbound means that WAS acts as the client. WAS supports dynamic selection of the SSL configuration based on the protocol-host-port combination of the target.
This is configured through a Dynamic outbound endpoint SSL configuration object, which provides a mapping between protocol-host-port combinations and an SSL configuration.
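The inbound "lowest level overrides" rule and the outbound protocol-host-port mapping described above, modelled as an added Python example (not IBM code and not the course's own material): scopes are represented as tuples from the cell down to the endpoint, the "*" and "*.suffix" wildcard semantics in the outbound map are an assumption, and every alias name and host is a constructed sample value.

```python
# Toy model of how WAS picks an SSL configuration (added example, not IBM code).
# Assumptions: scope tuples run cell -> node -> server -> endpoint; "*" and
# "*.<suffix>" wildcards are my simplification; alias names are constructed.

def select_inbound(attachments, scope_path):
    """Inbound: WAS is the server. attachments maps a scope tuple such as
    ("cell", "node1", "server1", "WC_defaulthost_secure") to an SSL
    configuration alias. The lowest (most specific) attachment covering
    scope_path overrides everything attached above it."""
    for depth in range(len(scope_path), 0, -1):
        alias = attachments.get(scope_path[:depth])
        if alias is not None:
            return alias
    return None  # nothing attached anywhere on the path

def _match(pattern, value):
    """One field of a protocol,host,port pattern. "*" matches anything;
    "*.example" matches any host ending in ".example" (assumed semantics)."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return value.endswith(pattern[1:])
    return pattern == value

def select_outbound(dynamic_map, protocol, host, port, default_alias):
    """Outbound: WAS is the client. dynamic_map is a list of
    ((protocol, host, port), alias) entries; the matching entry with the
    most non-wildcard fields wins, otherwise the default alias is used."""
    best_specificity, best_alias = -1, default_alias
    for (p, h, pt), alias in dynamic_map:
        if _match(p, protocol) and _match(h, host) and _match(pt, str(port)):
            specificity = sum(field != "*" for field in (p, h, pt))
            if specificity > best_specificity:
                best_specificity, best_alias = specificity, alias
    return best_alias

# Constructed sample topology and dynamic outbound endpoint map.
INBOUND_ATTACHMENTS = {
    ("cell",): "CellDefaultSSLSettings",
    ("cell", "node1"): "NodeDefaultSSLSettings",
    ("cell", "node1", "server1", "WC_defaulthost_secure"): "StrongWebSSL",
}
OUTBOUND_MAP = [
    (("HTTP", "*.partner.example", "443"), "PartnerSSL"),
    (("*", "*", "443"), "Generic443SSL"),
    (("LDAP", "ldap.corp.example", "636"), "LdapSSL"),
]
```

With the sample data, server2 on node1 inherits the node-level alias and a HTTPS call to api.partner.example picks PartnerSSL over the generic port-443 entry because it matches more fields.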
The Middleware Shop This content is copyright
http://www.themiddlewareshop.com