Creating the Security DomainZipFile.zip

Create the Security DomainZipFile.zip for the SOA Policy Gateway Basic Runtime pattern, the SOA Policy Gateway Advanced Runtime pattern, and SOA Policy Gateway Basic Runtime Sample.

Procedure

Create the DomainZipFile.zip using the following rules:

  1. The structure of the DomainZipFile.zip must be as follows:
    Note: Only the directory structure is required; the individual file names can follow a naming scheme of your choice. However, all certificate and key files must be in PEM format.
    Note: The use of the DataPower® Host Name in the path allows for different certificates to be used for different DataPower appliances.
    Table 1. Files required for the Basic and Advanced patterns
    File name, location relative to the root directory | Notes
    CurlClientPublicKeyFile.crt | Only required if Mutual Authentication is used. PEM format only.
    CurlClientPrivateKeyFile.key | Only required if Mutual Authentication is used.
    /dataPowerHostName/certificate1.crt | The DataPower certificates to be uploaded to WSRR. It requires that the entire Certificate Chain is in PEM format. It must include only the following content: -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----. The file extension must be either .crt or .pem.
    /dataPowerHostName/certificate2.crt | The file extension must be either .crt or .pem.
    /dataPowerHostName/certificate3.crt | The file extension must be either .crt or .pem.
  2. For the SOA Policy Gateway Advanced Runtime pattern only, add the CLI file to be run (optional):
    Table 2. Additional files required for the Advanced pattern
    File name, location relative to the root directory | Notes
    /cli.cli | A single CLI file that will be run at the end of the DataPower Domain Configuration.
  3. Place DomainZipFile.zip on your SCP server location. Because of the sensitive nature of the files, it is recommended that you delete the file after configuration. The pattern configuration scripts will delete any files obtained from the DomainZipFile.zip as well as the copy of the DomainZipFile.zip that is created using SCP from your SCP environment.
  4. Note the following SCP Server information:
    • The SCP Host Name
    • The SCP path to the DomainZipFile.zip
    • The SCP User and Password
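
The layout and PEM rules from steps 1 and 2 can be checked before the archive is built and placed on the SCP server. The following Python script is an added example, not part of the IBM pattern scripts; the function names, the staging directory, and the choice to treat every root-level file other than cli.cli as a client certificate or key are assumptions.

```python
import re
import sys
import zipfile
from pathlib import Path

# One or more PEM certificate blocks and nothing else (no keys, no extra text).
CERT_ONLY = re.compile(
    r"\s*(-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+?-----END CERTIFICATE-----\s*)+"
)
PEM_START = re.compile(r"\s*-----BEGIN [A-Z0-9 ]+-----")


def check_staging(root: Path) -> list[str]:
    """Return rule violations found under the staging directory."""
    problems = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        text = path.read_text(errors="replace")
        if len(rel.parts) == 1:  # root level: client cert/key, optional cli.cli
            if rel.name != "cli.cli" and not PEM_START.match(text):
                problems.append(f"{rel}: client certificate/key is not PEM")
        elif len(rel.parts) == 2:  # <dataPowerHostName>/<certificate file>
            if path.suffix not in (".crt", ".pem"):
                problems.append(f"{rel}: extension must be .crt or .pem")
            if not CERT_ONLY.fullmatch(text):
                problems.append(f"{rel}: must contain only PEM certificate blocks")
        else:  # assumption: anything deeper is outside the documented layout
            problems.append(f"{rel}: deeper than <hostName>/<file>")
    return problems


def build_domain_zip(root: Path, out_zip: Path) -> list[str]:
    """Write out_zip only when every rule passes; return the violations."""
    problems = check_staging(root)
    if not problems:
        with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
            for path in sorted(p for p in root.rglob("*") if p.is_file()):
                zf.write(path, path.relative_to(root).as_posix())
        out_zip.chmod(0o600)  # archive holds a private key: owner-only access
    return problems


if __name__ == "__main__":  # usage: python build_zip.py <staging_dir>
    for line in build_domain_zip(Path(sys.argv[1]), Path("DomainZipFile.zip")):
        print(line)
```

Write the archive outside the staging directory so that a rerun does not pick up the previous DomainZipFile.zip as an input file.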

Last updated: Thursday, 3 July 2014
http://publib.boulder.ibm.com/infocenter/prodconn/v1r0m0/topic/com.ibm.scenarios.soawdpwsrr.doc/topics/tsoa2_sample_security_file.htm