Configure the Secure Sockets Layer

The SSL is required by inbound services of WebSphere Commerce to use SOAP/HTTPS.

  1. Inspect and obtain the server certificate:

    1. Use Internet Explorer on any Windows machine to go to the endpoint URL /wsdl. For example, https://mycompany.com:8000/webapp/wcs/services/PaymentServices/wsdl.

      If you get a security alert with a warning such as " The name on the security certificate is invalid or does not match the name of the site", follow step 2 to generate a new server certificate because the issuer of the certificate does not match the name of the site (for example, mycompany.com). Use the View Certificate option to view the issuer of the certificate. By default, the WebSphere Commerce installation process should configure the Web server to use a self-signed certificate from "Dummy Certificate".

  2. Generate a new server certificate if you get a warning that the name on the security certificate is invalid or does not match the name of the site:

    1. By default, the WebSphere Commerce installation process should configure the Web server to use the following key database file: WC_installdir/instances/instance/httpconf/trust/keyfile.kdb

    2. Use any key management utility that supports CMS to open the file.

      The key database type should be "CMS". The password should be "ibmkey".

    3. You should see "Dummy Certificate" on the list of Personal Certificates. Click New Self-Signed to create a new self-signed certificate. The common name must be the hostname of the site (for example, company.com).

    4. Delete the dummy certificate and close the key management utility.

    5. Close the key management utility to save the changes.

    6. Repeat step 1. You should get a security alert without the warning.

  3. Extract the self-signed certificate and add it to a new key database file:

    1. Use the key management utility, open keyfile.kdb, select the self-signed certificate, and click Extract Certificate to extract the certificate to a file

    2. Use the key management utility, select Key Database File > New to create a new key database file.

      The key database type should be "JKS". Type the name and password for the database file which will be used in step 4 to configure the Web services client.

    3. Select Signer Certificates, and click Add to add the self-signed certificate to the key/trust store file. Type the certificate label.

    4. Close the key management utility to save the changes.

  4. Configure the Web services client to reference the key database file:

    1. Add the following lines to the Web services client code:
      System.setProperty("javax.net.ssl.trustStore","
      filename");
      System.setProperty("javax.net.ssl.trustStorePassword","
      password");
      System.setProperty("javax.net.ssl.keyStore","
      filename");
      System.setProperty("javax.net.ssl.keyStorePassword","
      password");
      Where:

      filename

      Is the filename of key database file created in step 3, for example, "C:/key.jks".

      password

      Is the password of the key database file.
      Alternatively, you can add those properties as command line arguments, for example, -Djavax.net.ssl.trustStore= filename.

Related reference

Troubleshoot: Web services