Configure HTTP outbound transport level security with the administrative console
We can configure HTTP outbound transport level security with the administrative console.
This task is one of several ways that we can configure the HTTP outbound transport level security for a web service acting as a client to another web service server. We can also configure the HTTP outbound transport level security with an assembly tool or using the Java properties. If we do not configure the HTTP outbound transport level security, the web services runtime defers to the Web Services for Java EE security runtime in the WebSphere product for an effective SSL configuration. If there is no SSL configuration with the Java EE security runtime in the WebSphere product, the Java Secure Socket Extension (JSSE) system properties are used.
If we choose to configure the HTTP outbound transport level security with the administrative console or an assembly tool, the Web Services Security binding information is modified. We can use the administrative console to configure the web services client security bindings if we have deployed or installed the web services application into WebSphere Application Server. If we have not installed the web services application, we can configure the HTTP SSL configuration with an assembly tool. This task assumes that we have deployed the web services application into the WebSphere product. See the deploying web services applications onto application servers information to learn more about deploying web services.
If we configure the HTTP outbound transport level security using the standard Java properties for JSSE, the properties are configured as system properties. The configuration specified in the binding takes precedence over the Java properties. However, the configurations specified by the Java EE security programming model, or associated the Dynamic selection, have higher precedence.
See the secure communications using Secure Sockets Layer information to learn more implementing transport level security.
Configure the HTTP outbound transport level security with the following steps provided in this task section.
This administrative console procedure applies only to JAX-RPC applications,
- Open the administrative console.
- Click Applications > Enterprise Applications > application_instance > Manage Modules > module_instance . Under Web Services Security Properties, click Web Services: Client security bindings.
- Under the heading, HTTP SSL Configuration, click Edit to access the HTTP SSL configuration panel. Select the Centrally-managed radio button so that the system runtime chooses the SSL configuration based on the current context. Select the Specific to this Web service port radio button to choose the SSL configuration in the HTTP SSL configuration drop down box.
Results
You have configured the HTTP outbound transport level security for a web service acting as a client to another web service with the administrative console.
Subtopics
- HTTP SSL Configuration collection
Use this page to configure transport-level Secure Sockets Layer (SSL) security. We can use this configuration when a web service is a client to another web service.
Related concepts
Secure web services Secure communications using SSL Overview of standards and programming models for web services message-level security
Related tasks
Configure Federal Information Processing Standard Java Secure Socket Extension files
Deploy web services applications onto application servers Authenticating web services clients using HTTP basic authentication Secure web services applications at the transport level