If you are using the Web Services Atomic Transaction (WS-AT) or Web Services Business Activity (WS-BA) support in a secure environment, you might need to change the default transaction service configuration. For example, you might want to use an alternative port number for WS-AT or WS-BA protocol messages, you might be interoperating with a non-WebSphere Application Server product that requires client certificate authentication on the Secure Sockets Layer (SSL) connection that is used for protocol messages, or you might not need to use WebSphere Application Server in a Common Criteria EAL4 evaluated configuration.
About this task
This task consists of the following subtasks. Perform one or more of the subtasks depending upon your requirements:
- Disable WebSphere Application Server protocol security, which is enabled by default. Perform this subtask if you want to interoperate with other servers when not in a Common Criteria EAL4 evaluated configuration.
- Configure a new Web container transport chain for use by WS-AT or WS-BA. When global security is enabled, the transaction service, by default, uses the default secure Web container transport chain: WCInboundDefaultSecure. By configuring a new transport chain you can specify settings that are different from those in the default transport chain; for example, you can specify an alternative SSL repertoire requiring client certificate authentication.
Procedure
- Disable WebSphere Application Server protocol security.
  - In the administrative console, click server_name
  - Clear the Enable protocol security check box.
  - Click OK and save your changes to the master configuration.
- Create a new Web container transport chain for WS-AT or WS-BA.
  - In the administrative console, click > server_name.
  - Under Container Settings click .
  - Click New to create a new transport chain.
  - Type a name for the transport chain.
  - From the transport chain template list, select the WebContainer-Secure template.
  - Click Next to select a new port for the chain.
  - Type a name, host, and port number for the port. The host should match the common name in the certificate that is used.
  - Click Next.
  - Confirm the settings, then click Finish.
  - Save your changes to the configuration.
  - Create a new SSL repertoire as appropriate and associate it with the SSL channel that is associated with your new chain. You are now ready to configure the transaction service to use the new transport chain.
  - Return to the server page by clicking > server_name.
  - Under Container Services, select Transaction Service.
  - Under Additional Properties, select Custom Properties.
  - Click New to create a new custom property.
  - Enter WSTX_SECURE_TRANSPORT_CHAIN as the name of the property, and the name of the secure Web container transport chain that you created earlier as the value.
  - Click OK and save your changes to the master configuration.
- After you have saved all the configuration changes that you require, restart the server for the changes to take effect.
Results
You configured your system to use WS-AT or WS-BA in a secure environment.
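
Before restarting the server, it can help to cross-check the values entered in the procedure above: the WSTX_SECURE_TRANSPORT_CHAIN value must name a chain that exists, that chain needs an SSL channel, and the port host should match the certificate common name. The following Python check is an added example, not IBM code; the inventory layout, the function name and the sample values are assumptions made for illustration and are not a WebSphere file format.

```python
# Added example, not IBM code. The inventory layout is hypothetical: a plain
# record of values read from the administrative console, not a WebSphere format.
PROPERTY = "WSTX_SECURE_TRANSPORT_CHAIN"   # custom property named on this page
DEFAULT_CHAIN = "WCInboundDefaultSecure"   # default secure chain named on this page


def check_wstx_transport(inventory):
    """Return a list of findings; an empty list means the settings agree."""
    chains = {c["name"]: c for c in inventory["chains"]}
    # When the property is not set, the default secure chain is used.
    wanted = inventory["tx_custom_properties"].get(PROPERTY, DEFAULT_CHAIN)
    chain = chains.get(wanted)
    if chain is None:
        # Catch a value that differs only by case or surrounding whitespace.
        near = [n for n in chains if n.strip().lower() == wanted.strip().lower()]
        hint = " (did you mean %r?)" % near[0] if near else ""
        return ["%s=%r does not name a defined chain%s" % (PROPERTY, wanted, hint)]
    findings = []
    if not chain["ssl_channel"]:
        findings.append("chain %r has no SSL channel" % wanted)
    if chain["host"].lower() != chain["cert_common_name"].lower():
        findings.append("port host %r does not match certificate CN %r"
                        % (chain["host"], chain["cert_common_name"]))
    if inventory["partner_requires_client_cert"] and not chain["client_auth"]:
        findings.append("chain %r does not require client certificates" % wanted)
    return findings


# Constructed sample values for illustration only.
SAMPLE = {
    "partner_requires_client_cert": True,
    "tx_custom_properties": {PROPERTY: "WSTXSecureChain"},
    "chains": [
        {"name": DEFAULT_CHAIN, "ssl_channel": True, "host": "*",
         "cert_common_name": "was1.example.com", "client_auth": False},
        {"name": "WSTXSecureChain", "ssl_channel": True, "host": "was1.example.com",
         "cert_common_name": "was1.example.com", "client_auth": True},
    ],
}

if __name__ == "__main__":
    for finding in check_wstx_transport(SAMPLE) or ["no findings"]:
        print(finding)
```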