Enable X.509 certificates

When creating a WebSphere Commerce instance, you select either Basic authentication or X.509 authentication using the Configuration Manager. The default is Basic authentication, which is authentication using a logon ID and password.

  1. Set up your IBM HTTP Web server SSL certificate. The SSL server certificate includes a list of client authorities for trust relationships. You may need to add additional client certificate authorities.

  2. Open the Configuration Manager.

  3. Select WebSphere Commerce > node > Commerce > Instance List > instance > Instance Properties > Web server.

  4. Check the X.509 box for Authentication Mode. Click Apply. X.509 client certificate users will now be accepted. The IBM HTTP server is automatically enabled for certificate support when X.509 Authentication Mode is selected.

  5. Stop and start the WebSphere Commerce Server. WebSphere Commerce will not register X.509 users in the CERT_X509 table until the server has been restarted.


You can make X.509 certificates either optional or required.

  1. Open the configuration file httpd.conf and locate the SSLClientAuth directive. Set the directive to 1 (optional) or 2 (required). The recommended setting is 2 (required).

  2. Since the WebSphere Commerce Payments client does not support SSL Client Authentication, disable SSL between the WebSphere Commerce Payments client and the Web server.

    1. In a text editor, open the PaymentServlet.properties file. The file is in the WebSphere Commerce Payments installation directory.

      • Locate the UseNonSSLWCSClient property. Set the property to a value of '1' (one).

      • If you cannot find the UseNonSSLWCSClient property in the file, add the line:
        UseNonSSLWCSClient=1

    2. Save the file, and exit the editor.

  3. If WebSphere Commerce Payments is installed on the same machine as WebSphere Commerce:

    1. Open the Configuration Manager.

    2. Select WebSphere Commerce > node > Payments.

    3. Check Use non-SSL Payments Client. This enables the WebSphere Commerce Server client to communicate with WebSphere Commerce Payments without using SSL.

    4. Click Apply.

    5. Close the Configuration Manager.

  4. Restart WebSphere Commerce Payments.

  5. Restart your WebSphere Commerce instance.

Refer to the IBM HTTP server documentation for more information and further options on setting restrictions and filtering parameters for certificates.
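
The following check is an added example, not part of the original documentation. It reads the text of httpd.conf and PaymentServlet.properties and reports where they differ from the procedure above: an SSLClientAuth directive that is not set to required, or client certificates required while UseNonSSLWCSClient is not 1. The function names and the sample file contents are constructed for illustration, and level 0 and the keyword forms of SSLClientAuth are assumed equivalents of the numeric levels.

```python
import re

# Levels 1 and 2 are the ones named on this page; 0 and the keyword forms
# are assumed to be the equivalents IBM HTTP Server accepts.
LEVELS = {"0": "none", "1": "optional", "2": "required",
          "none": "none", "optional": "optional", "required": "required"}

def client_auth_levels(httpd_conf):
    """Return [(line_no, level)] for each active SSLClientAuth directive."""
    found = []
    for no, line in enumerate(httpd_conf.splitlines(), 1):
        # Commented-out directives start with '#' and never match.
        m = re.match(r"\s*SSLClientAuth\s+(\S+)", line, re.IGNORECASE)
        if m:
            found.append((no, LEVELS.get(m.group(1).lower(), "unknown")))
    return found

def property_value(properties, key):
    """Last active key=value setting in .properties text, or None."""
    value = None
    for line in properties.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue
        name, _, val = line.partition("=")
        if name.strip() == key:
            value = val.strip()
    return value

def audit(httpd_conf, payment_props):
    """Return findings; an empty list means both files match the procedure."""
    levels = client_auth_levels(httpd_conf)
    findings = [f"httpd.conf:{no}: SSLClientAuth is {lvl}, not required"
                for no, lvl in levels if lvl != "required"]
    if not levels:
        findings.append("httpd.conf: no active SSLClientAuth directive")
    enforced = any(lvl == "required" for _, lvl in levels)
    if enforced and property_value(payment_props, "UseNonSSLWCSClient") != "1":
        findings.append("PaymentServlet.properties: UseNonSSLWCSClient is not 1")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE_HTTPD = ("# SSLClientAuth 2\n<VirtualHost *:443>\nSSLEnable\n"
                "SSLClientAuth 1\n</VirtualHost>\n")
SAMPLE_PROPS = "#UseNonSSLWCSClient=1\nUseNonSSLWCSClient=0\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTTPD, SAMPLE_PROPS):
        print(finding)
```

Run it after step 5, passing the contents of the two files you edited; each finding names the file and, for httpd.conf, the line to revisit.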

 
