You can enable individual Web service applications to use
cryptographic keys stored in hardware devices in Web Services Security.
Procedure
- In the administrative console, click Servers > Server
types > WebSphere® application servers and then
select the server name.
- Under Security, click JAX-WS and JAX-RPC security
runtime.
- Under Additional properties, click key locators.
- Select the key locator name.
- Under Key store, specify the name of the keystore
configuration.
If the keystore reference points to a hardware device configuration, the Web Services Security runtime first attempts to obtain the cryptographic algorithm from the hardware device. If the hardware device is not supported or if it fails, the Web Services Security runtime obtains the cryptographic algorithm from the security providers list. For more information about how to create the name of a keystore configuration, read about creating a keystore configuration for a preexisting keystore file.
If hardware acceleration is enabled, the Web Services Security runtime first attempts to use the hardware device for cryptographic operations. If the attempt to use the hardware device fails or if the algorithm is not supported by the hardware device, the runtime uses a software provider from the security providers list. The runtime displays a warning message that it failed to use the hardware cryptographic provider, but processing continues with the software provider.
- Click OK.
Results
If the name of the keystore reference is a Java keystore
file, a hardware acceleration device that is configured at the application
server level (ws-security.xml) will be used for cryptographic
operations.
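The hardware-first, software-fallback behavior described in the procedure can be reproduced with the standard Java Cryptography Architecture (JCA) API. The following sketch is an added example, not WebSphere runtime code; the provider name `SunPKCS11-ExampleHSM`, the class name, and the sample message are assumptions made for illustration. It reports which provider actually served the operation, which is the fact to check when an operation is expected to run on the hardware device.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.logging.Logger;

public class ProviderFallbackDemo {
    private static final Logger LOG = Logger.getLogger("ProviderFallbackDemo");

    /** Try the preferred (hardware) provider first; on failure, warn and use the providers list. */
    static Signature getSignature(String algorithm, String preferredProvider)
            throws NoSuchAlgorithmException {
        Provider hw = Security.getProvider(preferredProvider); // null if not registered
        if (hw == null) {
            LOG.warning("Provider " + preferredProvider + " is not available; using software provider");
        } else {
            try {
                return Signature.getInstance(algorithm, hw);
            } catch (NoSuchAlgorithmException e) {
                LOG.warning(preferredProvider + " does not support " + algorithm
                        + "; using software provider");
            }
        }
        // No provider argument: JCA walks the security providers list in preference order.
        return Signature.getInstance(algorithm);
    }

    public static void main(String[] args) throws Exception {
        String hwName = "SunPKCS11-ExampleHSM";          // assumed provider name
        Signature sig = getSignature("SHA256withRSA", hwName);

        // Constructed software key so the demo runs without a hardware device.
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        sig.initSign(kp.getPrivate());
        sig.update("constructed sample message".getBytes(StandardCharsets.UTF_8));
        byte[] signature = sig.sign();

        // After initialization, getProvider() names the provider that performed the work.
        String used = sig.getProvider().getName();
        System.out.println("Signature length: " + signature.length + " bytes");
        System.out.println("Provider used: " + used
                + (used.equals(hwName) ? " (hardware)" : " (software fallback)"));
    }
}
```

Because processing continues after the fallback, the warning message and the reported provider name are the only indications that the hardware device was not used.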