Configure client-side transport level security

 

---

The server-side, or service endpoint, transport level security is based on the SSL configuration of the WAS Web container.

To configure the client-side transport level security:

 

1. Create an SSL repertoire configuration entry

2. Edit ibm-webservicesclient-bnd.xmi and set sslConfig with the value of the alias name. For example:

   <sslConfig name="default/DefaultSSLSet"/>
   

   If the attribute is not defined, the default SSL setting is used for JSSE.

3. Locate the property file /opt/WebSphere\properties\sas.client.props for the service clients or create a new property file that includes:

   com.ibm.ssl.protocol
   com.ibm.ssl.keyStoreType
   com.ibm.ssl.keyStore
   com.ibm.ssl.keyStorePassword
   com.ibm.ssl.trustStoreType
   com.ibm.ssl.trustStore
   com.ibm.ssl.trustStorePassword
   

4. Set the system property, com.ibm.webservices.sslConfigURL to the property file. For example:

   Dcom.ibm.webservices.sslConfigURL=/opt/WebSphere/AppServer/properties/sas.client.props
   

   Note: If the property sslConfigURL is not defined, the default SSL setting is used for JSSE.

5. (Optional) Set the system properties of an unmanaged service client by using the -D option of the Java command or by calling the System.setProperty ( propertyName , " propertyValue ") with the following properties:

   java.protocol.handler.pkgs
   java.net.ssl.keyStore
   javax.net.ssl.keyStorePassword
   javax.net.ssl.trustStore
   javax.net.ssl.trustStorePassword
   

   See Using Java Secure Socket Extension (JSSE) and Java Cryptography Extension (JCA) with servlets and enterprise bean files for more information about customizing the JSSE.

6. Access the service endpoints in a Federal Information Processing Standard (FIPS)-enabled WebSphere Application Server.

   1. Check for the required properties defined in the WebSphere Application Server security documentation.

7. (Optional) Redirect the Simple Object Access Protocol (SOAP) request from a client to service endpoint to be over HTTPS. Complete this step if a transport guarantee of CONFIDENTIAL or INTEGRAL is configured for a secured Webapp. To redirect the request:

   1. Specify a system property, com.ibm.ws.webservices.HttpRedirectEnabled, to true for the entired Java Virtual Machine or set the property, com.ibm.wsspi.webservices.Constants.HTTP_REDIRECT_ENABLED, to true, in the stub or call instance, before the method is invoked.

---

Transport level security
Using Web services
Configure SSL
Using Java Secure Socket Extension and Java Cryptography Extension with Servlets and enterprise bean files
Configure Federal Information Processing Standard-approved Java Secure Socket Extension files

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.