Configure HTTP outbound transport level security with the administrative console
This task is one of several ways that we can configure the HTTP outbound transport level security for a web service acting as a client to another web service server. We can also configure the HTTP outbound transport level security with an assembly tool or using the Java properties. If we do not configure the HTTP outbound transport level security, the web services runtime defers to the Web Services for Java EE security runtime in the WebSphere product for an effective SSL configuration. If there is no SSL configuration with the Java EE security runtime in the WebSphere product, the JSSE system properties are used.
If we choose to configure the HTTP outbound transport level security with the administrative console or an assembly tool, the Web Services Security binding information is modified. We can use the administrative console to configure the web services client security bindings if we have deployed or installed the web services application into WAS. If we have not installed the web services application, we can configure the HTTP SSL configuration with an assembly tool. This task assumes that we have deployed the web services application into the WebSphere product.
If we configure the HTTP outbound transport level security using the standard Java properties for JSSE, the properties are configured as system properties. The configuration specified in the binding takes precedence over the Java properties. However, the configurations specified by the Java EE security programming model, or that are associated the Dynamic selection, have higher precedence.
See Secure communication using Secure Sockets Layers.
Configure HTTP outbound transport level security
This administrative console procedure applies only to JAX-RPC applications,
- Open the administrative console.
Applications > Enterprise Applications > application_instance > Manage Modules > module_instance > Web Services Security Properties > Web Services: Client security bindings > HTTP SSL Configuration
Select the Centrally-managed radio button so the system runtime chooses the SSL configuration based on the current context. Select the Specific to this Web service port radio button to choose the SSL configuration in the HTTP SSL configuration drop down box.
We have configured the HTTP outbound transport level security for a web service acting as a client to another web service with the administrative console.
Subtopics
Related:
Secure web services Secure communications using SSL End-to-end paths for web services Overview of standards and programming models for web services message-level security Configure Federal Information Processing Standard Java Secure Socket Extension files Deploy web services applications onto application servers Authenticate web services clients using HTTP basic authentication Secure web services applications at the transport level