Invoking Web services over HTTPS

The Web services gateway can invoke Web services that include https:// in their addresses, if the Java and WebSphere security properties are configured appropriately. This means that one gateway can send a SOAP over HTTPS message direct to another gateway, rather than exporting services and having clients invoke them using HTTPS.

 

Overview

To enable your gateway to send and receive SOAP/HTTPS messages, confirm that your Java and WebSphere security properties are configured as described in the following steps:

1. Check that there is a copy of the ibmjsse.jar file in the install_root/java/jre/lib/ext directorywhere install_root is the root directory for your installation of IBM WebSphere Application Server (by default WebSphere/AppServer).

2. Edit the install_root/java/jre/lib/security/java.security security properties file so that it includes entries for both the Sun security provider and the IBM security provider. For example:

   security.provider.1=sun.security.provider.Sun
   security.provider.2=com.ibm.jsse.IBMJSSEProvider
   

   The order is significant. The Sun security provider must come before the IBM provider.

3. Use the WebSphere Application Server administrative console to set up the following system properties:

   // truststore location
   System.setProperty("javax.net.ssl.trustStore",
                      "your_truststore_root_directory/TestSSL/key.jks");
   // set truststore password
   System.setProperty("javax.net.ssl.trustStorePassword",
                      "your_truststore_password");
   //use ibm reference implementation
   System.setProperty("java.protocol.handler.pkgs",
                      "com.ibm.net.ssl.internal.www.protocol");

---

Securing the Web services gateway
Enabling gateway-level authentication
Enabling operation-level authorization
Troubleshooting the Web services gateway
    

 

---