Configure secure access to WS-Notification service points by using SOAP over HTTPS
Modify the configuration of existing WS-Notification service points to require use of SOAP over HTTPS instead of SOAP over HTTP as the binding for inbound requests from notification providers.
This task assumes that we have an existing WS-Notification service and service points, and that you are using the SOAP over HTTP binding for inbound requests.
By default the SOAP over HTTP endpoints used by service points accept both HTTP and HTTPS requests. HTTPS can be used by changing the endpoint URL prefix to https:// on each WS-Notification service point for the service, and modifying the port to the HTTPS port used by the server (default of 9443).
For Version 7.0 WS-Notification services, enterprise applications are used to expose the web services associated with the WS-Notification service. For Version 6.1 WS-Notification services, service integration endpoint listeners are used.
- Start the console.
- Navigate to Service integration -> WS-Notification -> Services -> service_name -> [Additional Properties] WS-Notification service points or Service integration -> Buses -> bus_name -> [Services] WS-Notification services -> service_name -> [Additional Properties] WS-Notification service points, then identify the WS-Notification service points for the WS-Notification service to secure.
- Configure HTTPS access individually on each of the WS-Notification service points by repeating the following sub-steps:
For Version 7.0 WS-Notification services:
- In the content pane, click the name of a Version 7.0 WS-Notification service point in the list.
- Navigate to the associated enterprise application by clicking [Additional Properties] Service point application. The enterprise application settings panel is displayed.
We can also reach this panel by clicking Applications -> Application Types -> WebSphere enterprise applications -> application_name.
- In the enterprise application settings panel, click [Web Services Properties] Provide HTTP endpoint URL information.
- Specify the endpoint URL prefix (that is the protocol (HTTPS), host name, and port number) to use in the endpoint URL. We can select the default HTTPS prefix (https://your_host:9443) from a predefined list, or we can create and use our own custom HTTPS prefix. For more information, see Configure endpoint URL information for HTTP bindings.
For Version 6.1 WS-Notification services:
- Create a new endpoint listener with an https URL as the URL root.
- Modify this WS-Notification service point to associate the inbound port for the new endpoint listener with this service point. The https URL appears in the published WSDL file.
- Prevent the new endpoint listener from accepting HTTP connections by modifying the virtual host settings. For more information, see Virtual hosts and Create a Secure Sockets Layer configuration.
Related concepts
WS-Notification
Related tasks
Use WS-Notification for publish and subscribe messaging for web services Secure WS-Notification
WS-Notification roles and goals WS-Notification troubleshooting tips