Network Deployment (Distributed operating systems), v8.0 > Develop and deploying applications > Develop web services - Security (WS-Security) > Configure Web Services Security during application assembly > Configure XML digital signature for v5.x web services with an assembly tool


Configure the server-side collection certificate store using an assembly tool

A collection certificate store is a collection of non-root, certificate authority (CA) certificates and certificate revocation lists (CRLs). This collections of CA certificates and CRLs are used to check the signature of a digitally signed SOAP message. We can configure the server-side collection certificate store by using an assembly tool.

There is an important distinction between v5.x and v6 and later applications. The information in this article supports v5.x applications only that are used with WAS Version 6.0.x and later. The information does not apply to Version 6.0.x and later applications.

We can configure the collection certificate either by using an assembly tool or by using the WAS administrative console. Complete the following steps to configure the server-side collection certificate store using an assembly tool.


Procedure

  1. Start an assembly tool. See the related information on Assembly Tools.
  2. Switch to the Java EE perspective. Click Window > Open Perspective > J2EE.

  3. Click EJB projects > application_name > ejbModule > META-INF.
  4. Right-click the webservices.xml file, select Open with > Web Services Editor.

  5. Click the Binding configurations tab in the web services editor within the assembly tool. The Web Service Binding Configuration window is displayed.

  6. Select one of the web service description binding entries under the Port Component Binding section.
  7. Expand the Request receiver binding configuration details > Certificate store list > Collection certificate store section.

  8. Click Add to create a new collection certificate store, click Edit to edit an existing certificate store, or click Remove to delete an existing certification store.

  9. Enter a name in the Name field. This name is referenced in the Certificate store reference field in the Signing info dialog.
  10. Leave the Provider field as IBMCertPath.

  11. Click Add to enter the path to your certificate store. For example, the path might be: ${USER_INSTALL_ROOT]/etc/ws-security/samples/intca2.cer. If we have additional certificate store paths, click Add to add the paths.

  12. Click OK when you finish adding paths.


Assembly tools
Configure the client-side collection certificate store using an assembly tool
Configure the client-side collection certificate store
Configure default collection certificate stores at the server level in the WAS administrative console
Secure web services for v5.x applications using XML digital signature

+

Search Tips   |   Advanced Search