Loading Course Schedule...
PT10154
Training Summary
The WebSphere Application Server 8.5.5.x - Essential Security Concepts course provides the student with a detailed example-based guide which takes the student through how to configure Global Security for Federated Repositories. This course also covers how to set up IHS administration and other Global security insights, along with SSL management secrets often not addressed in most WAS courses. Jython scripts are also provided to automate the configuration of LDAP use in Global Security.The course has been written by Steve Robinson who is a well-known internationally acclaimed WebSphere Consultant and the author of several published WebSphere related books.
Prerequisites
Basic knowledge of Linux/Windows commands is expected. Prior experience in administering WebSphere Application Server version 6.1-8.x servers is expected, as is basic shell-scripting and Jython understanding.
Duration
3-5 Days/Lecture & Lab
Audience
This course was designed for:Experienced JEE Developers and Administrators having good experience with WebSphere Application Servers.People looking to upgrade their skills to use the WebSphere Application Server and configure LDAP and other forms of user-registries and fully understand how configure security for WAS environments
Course Topics
- JEE Security
- Global Security
- An Unsecured Console
- Turning on Global Security
- Security Configuration Wizard
- Virtual Member Manager
- Role Management
- Administrative Roles
- Disabling Global Security
- Setting the Internal Repository Using Scripting
- Adding Ldap to a Federated Repository
- Federated Repositories Recap
- Apacheds
- Installing Apacheds
- Install Apache Directory Studio
- Adding a New Partition
- Importing an Ldif File
- Ldap Security Settings
- Wimconfig.xml
- Changing the OU for Ldap Bind
- Looking at User Groups
- Standalone Ldap
- Configuring the Standalone Ldap Server
- Testing the Connection
- Review of Security.Xml
- Starting the Administrative Server
- Permissions
- Starting and Stopping IBM HTTP Server
- Starting and Stopping IBM Administration Server
- Creating a Web Server in WAS Admin Console
- Testing a Connection from WAS Console to IBM Administration Server
- Configuring Web Servers in WAS Admin Console
- Generating the plugin-cfg.xml File
- Propagating the plugin-cfg.xml File
- Configure IBM HTTP Server to load the Plugin Module
- Verify Default application Targets
- Configuring SSLFor Communication
- Creating a Self-Signed Digital Certificate
- Adding SSL to the IHS Virtual Host Configuration
- Propagating Keyring File from WAS to Web Server
- Configuring Virtual Hosts
- Automating Self-Signed Certificates
- Creating a New Key Database
- Setting the Database Password
- Registering a Key Database with the Server
- Creating a Self-Signed Certificate
- Managing Certificate Signing from a Certificate Authority
- Basic SSLOverview
- Digital Certificates
- Objective
- Install OpenSSL
- Create a CSRUsing Ikeyman Tool
- Using gskcmd Utility to Create a New Keyring Database to Store A CSR
- Verifying a Certificate Request via Command-Line
- Verifying a Certificate Request Using Ikeyman
- Listing Available Signers
- Create a New CA
- Signing the CSR Using The New CA
- Check the CSR Using OpenSSL
- Receive the Signed Certificate into the Key Database Using Command-Line
- Receive the Signed Certificate into the Key Database Using Gui
- Configure IBM HTTP Server with a Certificated Signed by a CA
- Adding the CA's Certificate to the Key Database
- Firefox Example Error
- Internet Explorer Example Error
- Adding CA's Certificate to the Browsers Trust Key Store/Database
- Configure /etc/hosts File
- Automating Web Server Definitions
- Understanding the Plugin-Cfg.Xml File
- Appendix A: Additional Information on OpenSSL Tool
- Appendix B: Creating a Key Pair Using OpenSSL
- Generate a Private Key
- Generate a Public Key
- Create a New CA Using Ca.Pl (CA Script)