You can enable individual Web service applications to use cryptographic
keys stored in hardware devices in Web Services Security.
Procedure
- In the administrative console, click Servers > Server Types > WebSphere application servers and then select the server name.
- Under Security, click JAX-WS and JAX-RPC security runtime.
- Under Additional properties, click key locators.
- Select the key locator name.
- Under Key store, specify the name of the keystore configuration.
  If the keystore reference points to a hardware device configuration,
  the Web Services Security runtime first attempts to obtain the cryptographic
  algorithm from the hardware device. If the hardware device is not supported
  or if it fails, the Web Services Security runtime obtains the cryptographic
  algorithm from the security providers list. See Creating a keystore configuration
  for more information about creating a keystore configuration.

  If hardware acceleration is enabled, the Web Services Security runtime first attempts
  to use the hardware device for cryptographic operations. If the attempt to
  use the hardware device fails or if the algorithm is not supported by the
  hardware device, the runtime uses a software provider from the security
  providers list. The runtime displays a warning message that the hardware
  cryptographic provider could not be used, and processing continues with the
  software provider.
- Click OK.
Results
If the name of the keystore reference is a Java keystore file, a hardware
acceleration device that is configured at the application server level (ws-security.xml)
will be used for cryptographic operations.
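
The hardware-first, software-fallback order described in the procedure means an operation can complete without the hardware device ever being used, so it is worth checking which provider actually served it. The following is an added example of that pattern using the standard Java `java.security` API; it is not WebSphere's own code, and the provider name `HypotheticalHsmProvider` and the class name are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.logging.Logger;

public class ProviderFallbackDemo {
    private static final Logger LOG = Logger.getLogger("ProviderFallbackDemo");

    /** Try the named hardware provider first, then the security providers list. */
    static Signature getSignature(String algorithm, String hardwareProviderName)
            throws NoSuchAlgorithmException {
        Provider hw = Security.getProvider(hardwareProviderName); // null if not installed
        if (hw == null) {
            LOG.warning("Hardware provider " + hardwareProviderName
                    + " is not installed; using a software provider");
        } else {
            try {
                return Signature.getInstance(algorithm, hw);
            } catch (NoSuchAlgorithmException e) {
                LOG.warning("Hardware provider " + hw.getName() + " does not support "
                        + algorithm + "; using a software provider");
            }
        }
        // No provider argument: the installed providers are tried in preference order.
        return Signature.getInstance(algorithm);
    }

    public static void main(String[] args) throws Exception {
        // Assumed provider name; pass the name registered for your device as args[0].
        String hwName = args.length > 0 ? args[0] : "HypotheticalHsmProvider";
        Signature sig = getSignature("SHA256withRSA", hwName);

        // Constructed sample input: a throwaway software key and message,
        // used only to exercise the fallback path.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        sig.initSign(kp.getPrivate());
        sig.update("constructed sample message".getBytes(StandardCharsets.UTF_8));
        byte[] signature = sig.sign();

        // The provider that actually performed the operation is the value to audit.
        System.out.println("Signed " + signature.length + " bytes with provider: "
                + sig.getProvider().getName());
    }
}
```

If the reported provider is a software provider when a hardware device was expected, the operation ran outside the device and the runtime's fallback warning should appear in the server logs.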