Invoking Web services over HTTPS

The Web services gateway can invoke Web services that include https:// in their addresses, if the Java and WebSphere security properties have been configured to allow it. This means that one gateway can send a SOAP/HTTPS message direct to another gateway, rather than having to export services and have clients invoke them using HTTPS.

To enable your gateway to send and receive SOAP/HTTPS messages, confirm that your Java and WebSphere security properties are configured as described in the following steps:

 

1. Check that there is a copy of file ibmjsse.jar in directory WAS_HOME/java/jre/lib/ext (where WAS_HOME is the root directory for your installation of IBM WebSphere Application Server).

2. Edit the security properties file WAS_HOME/java/jre/lib/security/java.security so that it includes entries for both the Sun security provider and the IBM security provider. For example:

   security.provider.1=sun.security.provider.Sun
   security.provider.2=com.ibm.jsse.IBMJSSEProvider
   

   Note: The order is significant. The Sun security provider must come before the IBM provider.

3. Use the WebSphere Application Server Administrative Console to set up the following equivalent system properties:

   // truststore location
   System.setProperty("javax.net.ssl.trustStore",
                      "your_truststore_root_directory/TestSSL/key.jks");
   // set truststore password
   System.setProperty("javax.net.ssl.trustStorePassword","your_truststore_password");
   //use ibm reference implementation
   System.setProperty("java.protocol.handler.pkgs",
                      "com.ibm.net.ssl.internal.www.protocol");
   

---

Administering security for the Web services gateway
Enabling gateway-level authentication
Enabling operation-level authorization
Web services gateway troubleshooting tips

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.