If your portal environment makes extensive use of SSL, you might choose to use cryptographic hardware to offload encryption and improve performance. WebSphere® Portal Express® tolerates interfacing through WebSphere Application Server with cryptographic hardware for SSL acceleration. However, the tasks involved in setting up and configuring cryptographic hardware are generally specific to Web servers or WebSphere Application Server and do not necessarily involve configuring WebSphere Portal Express.
The WebSphere Application Server Information Center contains several topics for setting up and configuring password encryption with cryptographic hardware. Refer to these topics to get started with password encryption and learn more about available encryption features.
Most cryptographic hardware requires the PKCS11 support software for the host machine and internal firmware. To get started with cryptographic hardware, you should install the required support software, configure IBM® HTTP Server, then install the necessary devices. Refer to Getting started with the cryptographic hardware for SSL at: http://publib.boulder.ibm.com/infocenter/wasinfo/v8r0/topic/com.ibm.websphere.ihs.doc/info/ihs/ihs/tihs_cryptossl.html
You can create a plug point to encrypt and decrypt all passwords in WebSphere Application Server that are currently encoded or decoded using Base64-encoding. Refer to Plug point for custom password encryption at:
Create a custom class to encrypt passwords after you create your server profile. Refer to Enabling custom password encryption at:
In stand-alone environments, administrative functions such as installing WAR files or adding trace settings can fail when you meet both of the following conditions:
- Your WebSphere Portal Express server uses the RSA_token value for security.
- You enable cryptographic off-loading of SSL decryption and encryption through an implementation of PKCS11.
If your stand-alone environment meets both of the preceding conditions, complete the following steps:
- Log in to the WebSphere Integrated Solutions Console.
- Navigate to
- Select Only use the active application authentication mechanism.
- Click Apply then OK and save the changes to the master configuration.
- Log out of the WebSphere Integrated Solutions Console.
- Restart the WebSphere_Portal server.