IBM WebSphere - Configure SSL TLS authentication, protocol, providers, and ciphers (QoP)

  1. In the WebSphere admin console, expand Security and select SSL certificate and key management.
  2. Select SSL configurations.
  3. Select one of the SSL configurations, such as CellDefaultSSLSettings.
  4. On the right side of the page, select Quality of protection (QoP) settings.

By default, client authentication will be set to None and the Protocol will be SSL_TLSv2.


By default, the JSSE (Java Secure Sockets Extension) provided will be set to IBMJSSE2.


There will be a number of ciphers that can be used. Ciphers can be added or removed from the cell or node.


These settings should also be defined in the security.xml file (e.g. /opt/WebSphere/AppServer/profiles/your_profile/config/cells/your_cell/security.xml).

<repertoire xmi:id="SSLConfig_1" alias="CellDefaultSSLSettings" managementScope="ManagementScope_1">
  <setting xmi:id="SecureSocketLayer_1" clientAuthentication="false" securityLevel="HIGH" enabledCiphers="" jsseProvider="IBMJSSE2" sslProtocol="SSL_TLSv2" keyStore="KeyStore_1" trustStore="KeyStore_2" trustManager="TrustManager_2" keyManager="KeyManager_1">
    <properties xmi:id="Property_1444451469965" name="" value="3"/>


You will probably also want to update value in the ${WAS_INSTALL_ROOT}/profiles/your_profile/properties/ssl.client.props file to match the protocol.



Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 4e12d in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |