Security - cws-khuntly/WebSphere GitHub Wiki

date: 2025-05-08 12:57:13 created: 2025-05-08 12:57:10 categories:

  • WebSphere / Server Build / Common Configuration

Security

Login to the deployment manager via SSH

Source setupCmdLine.sh:

source /opt/IBM/WebSphere/profiles/${PROFILE_NAME}/bin/setupCmdLine.sh

Launch wsadmin:

 - ${USER_INSTALL_ROOT}/bin/wsadmin.sh -lang jython

Run the following task:

 - AdminTask.enablePasswordEncryption()

Save changes:

 - AdminConfig.save()

Exit wsadmin

Change permissions on the passwordUtil.properties and aesKey.jceks files:

 - chmod 600 ${USER_INSTALL_ROOT}/config/cells/dmgrCell/passwordUtil.properties

 - chmod 600 ${USER_INSTALL_ROOT}/config/cells/dmgrCell/aesKey.jceks

Perform a full node synchronization and restart all nodeagents and JVMs

Login to the ISC

Navigate to Security -> Global Security

Select "Custom Properties"

Add the following custom property:

 - Name: com.ibm.ssl.verifyHostname

 - Value: true

 - Click "OK"

Save changes

Navigate to Security -> SSL certificate and key management

Select "SSL configurations"

Select each configuration entry and perform the following steps:

 - Select Quality of protection (QoP) settings

  - In the "Protocol" section, select "Custom protocol list"

   - Add TLSv1.2

   - Add TLSv1.3

 - Click "OK"

 - Click "Custom properties"

 - Add the following custom property:

  - Name: com.ibm.ssl.verifyHostname

  - Value: true

 - Click "OK"

Save changes

⚠️ **GitHub.com Fallback** ⚠️