Network Deployment (Distributed operating systems), v8.0
Enable cryptographic keys stored in hardware devices in Web Services Security
We can enable individual web service applications to use cryptographic keys stored in hardware devices in Web Services Security. We must first configure the hardware acceleration device using the key management panels in the admin console. See Configure hardware cryptographic devices for Web Services Security.
Procedure
- In the admin console, click... > Server types > WebSphere application servers and then select the server name.
- Under Security, click JAX-WS and JAX-RPC security runtime.
- Under Additional properties, click key locators.
- Select the key locator name.
- Under Key store, specify the name of the keystore configuration.
If the keystore reference points to a hardware device configuration, the Web Services Security runtime first attempts to obtain the cryptographic algorithm from the hardware device. If the hardware device is not supported or if it fails, the runtime for Web Services Security obtains the cryptographic algorithm from the security providers list. See Create a keystore configuration for a preexisting keystore file for more information about how to create the name of a keystore configuration.
If hardware acceleration is enabled, the Web Services Security runtime first attempts to use the hardware device for cryptographic operations. If the attempt to use the hardware device fails or if the algorithm is not supported by the hardware device, the runtime uses a software provider from the security providers list. The runtime displays a warning message that the hardware cryptographic provider could not be used, but processing continues with the software provider.
- Click OK.
Results
If the name of the keystore reference is a Java keystore file, a hardware acceleration device that is configured at the application server level (ws-security.xml) will be used for cryptographic operations.
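The hardware-first, software-fallback behaviour described in the procedure can be pictured with plain JCA calls. This is an added example, not WebSphere's own code: the provider name `ExampleHwProvider` and the class and method names are hypothetical, and it covers only the case where the hardware provider is absent or lacks the algorithm.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.logging.Logger;

public class HardwareFirstSignature {
    private static final Logger LOG = Logger.getLogger("wssecurity.example");

    /**
     * Returns a Signature from the named hardware provider when it is installed
     * and supports the algorithm; otherwise warns and falls back to the first
     * provider in the JVM security providers list that supports it.
     */
    static Signature forAlgorithm(String algorithm, String hardwareProviderName)
            throws NoSuchAlgorithmException {
        Provider hw = Security.getProvider(hardwareProviderName); // null if not installed
        if (hw != null) {
            try {
                return Signature.getInstance(algorithm, hw);
            } catch (NoSuchAlgorithmException e) {
                LOG.warning("Hardware provider " + hw.getName()
                        + " does not support " + algorithm + "; using software provider");
            }
        } else {
            LOG.warning("Hardware provider " + hardwareProviderName
                    + " is not installed; using software provider");
        }
        // Fallback: search the providers list in preference order.
        return Signature.getInstance(algorithm);
    }

    public static void main(String[] args) throws Exception {
        // "ExampleHwProvider" is a hypothetical provider name for illustration.
        Signature sig = forAlgorithm("SHA256withRSA", "ExampleHwProvider");
        // Record which provider actually served the request so fallback is visible.
        System.out.println("Algorithm " + sig.getAlgorithm()
                + " served by provider " + sig.getProvider().getName());
    }
}
```

Because processing continues after the warning, recording the provider that actually served each request is what lets operations notice that the hardware device is no longer in use.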