If you are using the Web Services Atomic Transaction (WS-AT) support
in a secure environment, you might need to change the default WS-AT configuration.
For example, you might want to use an alternative port number for WS-AT protocol
messages, or you might be interoperating with a non-WebSphere Application
Server product that requires client certificate authentication on the Secure
Sockets Layer (SSL) connection that is used for protocol messages.
About this task
If your system involves only servers and clients that are running
WebSphere Application Server, the default configuration is usually sufficient.
Perform this task if your environment requires you to use an alternative port
for WS-AT protocol messages or if you are interoperating with a server product
other than WebSphere Application Server that requires specific SSL settings
for WS-AT protocol messages.
This task consists of three subtasks:
- Disable WebSphere Application Server protocol security, which is enabled
by default. Disabling this function prevents WebSphere Application Server
from automatically rejecting secure WS-AT protocol messages from non-WebSphere
Application Server products.
- Configure a new Web container transport chain for use by WS-AT. When global
security is enabled, the transaction service, by default, uses the default
secure Web container transport chain: WCInboundDefaultSecure. By configuring
a new transport chain, you can specify settings that are different from those
in the default transport chain; for example, you can specify an alternative
SSL repertoire.
- Configure the outbound SSL repertoire that is used by the transport chain.
This step is required if you are interoperating with a non-WebSphere Application
Server product that requires client certificate authentication for protocol
messages.
Procedure
- If you are interoperating with a non-WebSphere
Application Server product, disable WebSphere Application Server protocol
security by performing the following steps.
- In the administrative console, click .
- Click the appropriate server name, then under Additional
Properties click Custom Properties.
- On the Custom Properties page, click New to
create a new custom property.
- On the settings page, type DISABLE_PROTOCOL_SECURITY in
the Name field and TRUE in the Value field.
- Click OK and save your changes to the
master configuration.
- If you need to create a new Web container transport chain, for
example, because you need to specify SSL settings other than the default,
create the chain by performing the following steps.
- Return to the server page by clicking > server_name.
- Under Container Settings click .
- Click New to create a new transport chain.
- Type a name for the transport chain.
- From the transport chain template list, select the WebContainer-Secure template.
- Click Next to select a new port for the
chain.
- Type a name, host, and port number for the port. The
host should match the common name in the certificate that is used.
- Click Next, confirm the settings, then
click Finish.
- Save your changes to the configuration.
- Create a new SSL repertoire as appropriate and associate it
with the SSL channel that is associated with your new chain. You
are now ready to configure the transaction service to use the new transport
chain.
- Return to the server page by clicking > server_name.
- Under Container Services, select Transaction
Service.
- Under Additional Properties, select Custom
Properties.
- Click New to create a new custom property.
- Enter WSTX_SECURE_TRANSPORT_CHAIN as
the name of the property, and the name of the secure Web container transport
chain that you created earlier as the value.
- Click OK and save your changes to the
master configuration.
- If the interoperating server requires client certificate authentication
for protocol messages, configure the appropriate SSL repertoire for outbound
connections, by performing the following steps.
- Return to the server page by clicking > server_name.
- Under Server Infrastructure click .
- Under Additional Properties click Java
Virtual Machine.
- Under Additional Properties click Custom
Properties.
- Click New to create a new custom property.
- Type ssl.configName as the name of the
property, and the full name of your SSL repertoire as the value. This
SSL repertoire is likely to be the one that you created in the previous subtask.
The full name of your SSL repertoire is of the form node_name/repertoire_name.
- Click OK and save your changes to the
configuration.
- After you have saved all the configuration changes that you require,
restart the server for the changes to take effect.
Results
You configured your system to use WS-AT in a secure environment.
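The following pre-flight check is an added example, not part of the product or of the original procedure. It reviews the values you plan to enter in the steps above before you save them and restart. The property names are the ones given on this page; the plan layout, the chain name, node name, repertoire name, host, and port are constructed sample values, and the certificate is a constructed dictionary in the shape that Python's ssl.SSLSocket.getpeercert() returns.

```python
import re

# Property names are the ones this page gives. Every value in PLAN and CERT
# is constructed sample data, not taken from a real cell or certificate.
PLAN = {
    "interop_non_websphere": True,   # hypothetical flag: is the partner a non-WebSphere product?
    "DISABLE_PROTOCOL_SECURITY": "TRUE",
    "WSTX_SECURE_TRANSPORT_CHAIN": "WSATSecureChain",
    "chains": {"WSATSecureChain": {"host": "wsat.example.com", "port": 9444}},
    "ssl.configName": "node01/WSATRepertoire",
}
# Same shape as the dict returned by ssl.SSLSocket.getpeercert().
CERT = {"subject": ((("organizationName", "Example"),),
                    (("commonName", "wsat.example.com"),))}

def common_names(cert):
    """Collect every commonName value from the certificate subject."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def check_plan(plan, cert):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    # Protocol security is on by default; the page disables it only for interop.
    disabled = plan.get("DISABLE_PROTOCOL_SECURITY", "").upper() == "TRUE"
    if disabled and not plan.get("interop_non_websphere"):
        findings.append("protocol security disabled without a non-WebSphere partner")
    # The transaction service property must name a chain that was actually created.
    chain_name = plan.get("WSTX_SECURE_TRANSPORT_CHAIN", "")
    chain = plan.get("chains", {}).get(chain_name)
    if chain is None:
        findings.append("WSTX_SECURE_TRANSPORT_CHAIN names an undefined chain: %r" % chain_name)
    else:
        # The port host should match the common name in the certificate.
        names = [n.lower() for n in common_names(cert)]
        if chain["host"].lower() not in names:
            findings.append("port host %r does not match certificate CN %r" % (chain["host"], names))
    # ssl.configName takes the full name: node_name/repertoire_name.
    cfg = plan.get("ssl.configName")
    if cfg is not None and not re.fullmatch(r"[^/]+/[^/]+", cfg.strip()):
        findings.append("ssl.configName is not node_name/repertoire_name: %r" % cfg)
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN, CERT) or ["plan is consistent"]:
        print(finding)
```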