Securing WebSphere Application Server

Securing WebSphere® Application Server consists of securing IBM® HTTP Server (IHS), which is installed with WebSphere Application Server; securing the WebSphere Application Server HTTP plug-in; and securing the WebSphere Application Server environment.

Procedure

  1. You must secure IBM HTTP Server and WebSphere Application Server for client certificate authentication by completing the tasks that are described in section 8.7 of the WebSphere Application Server V7.0 Security Guide.
    Important: If you do not secure IBM HTTP Server and the WebSphere Application Server HTTP plug-in, then SSL communication does not function. As a result, the client certificate is not sent to WebSphere Application Server.
  2. For instructions on securing the WebSphere Application Server environment, review the article Advanced security hardening in WebSphere Application Server V7, V8, and V8.5, Part 1: Overview and approach to security hardening in the IBM WebSphere Developer Technical Journal.
  3. Restart the WebSphere Application Server to complete the configuration changes.
Parent topic: Configuring WebSphere Application Server
Previous topic: Configuring the certificate revocation list