Configure client-side transport level security

 


The server-side, or service endpoint, transport level security is based on the SSL configuration of the WAS Web container.

To configure the client-side transport level security:

 

  1. Create an SSL repertoire configuration entry

  2. Edit ibm-webservicesclient-bnd.xmi and set sslConfig with the value of the alias name. For example:

    <sslConfig name="default/DefaultSSLSet"/>
    

    If the attribute is not defined, the default SSL setting is used for JSSE.

  3. Locate the property file /opt/WebSphere/properties/sas.client.props for the service clients or create a new property file that includes:

    com.ibm.ssl.protocol
    com.ibm.ssl.keyStoreType
    com.ibm.ssl.keyStore
    com.ibm.ssl.keyStorePassword
    com.ibm.ssl.trustStoreType
    com.ibm.ssl.trustStore
    com.ibm.ssl.trustStorePassword
    

  4. Set the system property com.ibm.webservices.sslConfigURL to the property file. For example:

    -Dcom.ibm.webservices.sslConfigURL=/opt/WebSphere/AppServer/properties/sas.client.props
    

    Note: If the property sslConfigURL is not defined, the default SSL setting is used for JSSE.

  5. (Optional) Set the system properties of an unmanaged service client by using the -D option of the Java command or by calling System.setProperty(propertyName, "propertyValue") with the following properties:

    java.protocol.handler.pkgs
    javax.net.ssl.keyStore
    javax.net.ssl.keyStorePassword
    javax.net.ssl.trustStore
    javax.net.ssl.trustStorePassword
    
    See Using Java Secure Socket Extension (JSSE) and Java Cryptography Extension (JCE) with servlets and enterprise bean files for more information about customizing the JSSE.

  6. Access the service endpoints in a Federal Information Processing Standard (FIPS)-enabled WebSphere Application Server.

    1. Check for the required properties defined in the WebSphere Application Server security documentation.

  7. (Optional) Redirect the Simple Object Access Protocol (SOAP) request from a client to the service endpoint over HTTPS. Complete this step if a transport guarantee of CONFIDENTIAL or INTEGRAL is configured for a secured Web application. To redirect the request:

    1. Set the system property com.ibm.ws.webservices.HttpRedirectEnabled to true for the entire Java Virtual Machine, or set the property com.ibm.wsspi.webservices.Constants.HTTP_REDIRECT_ENABLED to true in the stub or call instance before the method is invoked.
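
A pre-flight check for the property file from steps 3 and 4, added here as an example and not part of the original WebSphere documentation: it reports missing com.ibm.ssl.* properties, store paths that do not exist, and a file readable by group or others. The function names, the sample values (JKS, changeit, SSLv3) and the deprecated-protocol list are assumptions constructed for the example.

```python
import os
import tempfile

# The seven properties listed in step 3.
REQUIRED = ["com.ibm.ssl." + n for n in (
    "protocol", "keyStoreType", "keyStore", "keyStorePassword",
    "trustStoreType", "trustStore", "trustStorePassword")]
DEPRECATED = {"SSLv2", "SSLv3"}  # assumption: local policy list

def load_props(path):
    """Read simple key=value lines; '#' and '!' start comments."""
    props = {}
    with open(path, encoding="iso-8859-1") as fh:
        for line in map(str.strip, fh):
            if line and line[0] not in "#!" and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def check_ssl_props(path):
    """Return findings for the file that sslConfigURL points to."""
    if not os.path.isfile(path):
        return ["property file not found: " + path]
    props = load_props(path)
    findings = ["missing or empty: " + k for k in REQUIRED if not props.get(k)]
    if props.get("com.ibm.ssl.protocol") in DEPRECATED:
        findings.append("deprecated protocol: " + props["com.ibm.ssl.protocol"])
    for key in ("com.ibm.ssl.keyStore", "com.ibm.ssl.trustStore"):
        if props.get(key) and not os.path.isfile(props[key]):
            findings.append(key + " points to a missing file: " + props[key])
    # The file holds store passwords, so group/other access is a finding.
    if os.stat(path).st_mode & 0o077:
        findings.append("property file is accessible to group or others")
    return findings

def demo():  # constructed sample file; all values are made up
    with tempfile.TemporaryDirectory() as tmp:
        keystore = os.path.join(tmp, "client.jks")
        open(keystore, "wb").close()
        path = os.path.join(tmp, "sas.client.props")
        sample = ["protocol=SSLv3", "keyStoreType=JKS", "keyStore=" + keystore,
                  "keyStorePassword=changeit", "trustStoreType=JKS",
                  "trustStore=" + os.path.join(tmp, "absent.jks")]
        with open(path, "w") as fh:
            fh.write("".join("com.ibm.ssl." + s + "\n" for s in sample))
        os.chmod(path, 0o644)
        return check_ssl_props(path)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The reader handles only plain key=value lines, not the full Java properties syntax (line continuations, ':' separators, escapes).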

