+

Search Tips   |   Advanced Search

Configure HTTP outbound transport level security using Java properties

We can configure the HTTP outbound transport level security for a web service using Java properties.

This task is one of three ways that we can configure HTTP outbound transport-level security for a web service that is acting as a client to another web service. We can also configure the HTTP outbound transport level security with the administrative console or an assembly tool. However, we can also use this task to configure the HTTP outbound transport-level security for a web service client.

If we choose to configure the HTTP outbound transport-level security with the administrative console or an assembly tool, the Web Services Security binding information is modified.

If we configure the HTTP outbound transport-level security using Java properties, the properties are configured as system properties. However, the configuration specified in the binding takes precedence over the Java properties.

We can configure the HTTP outbound transport-level security using WebSphere SSL properties or JSSE SSL properties. However, the WebSphere SSL properties take precedence over the JSSE SSL properties.

Configure the HTTP outbound transport-level security with the following steps provided in this task section.


Tasks

  1. Create a property file that includes the following properties:
    com.ibm.ssl.protocol
    com.ibm.ssl.keyStoreType
    com.ibm.ssl.keyStore
    com.ibm.ssl.keyStorePassword
    com.ibm.ssl.trustStoreType
    com.ibm.ssl.trustStore
    com.ibm.ssl.trustStorePassword
    

  2. Set the com.ibm.webservices.sslConfigURL Java system property to the absolute path of the created property file. If no WebSphere SSL properties are defined, the JSSE SSL properties are used. Set the JSSE SSL properties as JVM custom properties. See Secure transports with JSSE and JCE programming interfaces for more information about setting the JSSE SSL properties.

You have configured the HTTP outbound transport-level security for a web service acting as a client to another web service.


Related:

  • Secure web services
  • Overview of standards and programming models for web services message-level security
  • Configure Federal Information Processing Standard Java Secure Socket Extension files
  • Authenticating web services clients using HTTP basic authentication
  • Secure web services applications at the transport level
  • HTTP SSL Configuration collection