Invoking Web services over HTTPS

The Web services gateway can invoke Web services that include https:// in their addresses, if the Java and WebSphere security properties are configured appropriately. This means that one gateway can send a SOAP over HTTPS message direct to another gateway, rather than exporting services and having clients invoke them using HTTPS.

Why and when to perform this task

To enable your gateway to send and receive SOAP/HTTPS messages, confirm that your Java and WebSphere security properties are configured as described in the following steps:

Steps for this task

  1. Check that there is a copy of the ibmjsse.jar file in the install_root/java/jre/lib/ext directory
    where install_root is the root directory for your installation of IBM WebSphere Application Server (by default WebSphere/AppServer).
  2. Edit the install_root/java/jre/lib/security/java.security security properties file so that it includes entries for both the Sun security provider and the IBM security provider. For example:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.jsse.IBMJSSEProvider
    

    The order is significant. The Sun security provider must come before the IBM provider.

  3. Add the following Java system properties for the servers concerned:
    -Djavax.net.ssl.trustStore=safkeyring:///WASKeyring_name
    -Djavax.net.ssl.trustStoreType=JCERACFKS
    -Djavax.net.ssl.trustStorePassword=password
    -Djava.protocol.handler.pkgs=com.ibm.crypto.provider
    Where WASKeyring_name is the name of the RACF keyring set for WebSphere Application Server.

Related tasks
Securing the Web services gateway
Enabling gateway-level authentication
Enabling operation-level authorization
Troubleshooting the Web services gateway



Searchable topic ID:   twsg_security_https
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/twsg_security_https.html

Library | Support | Terms of Use | Feedback