Table 18 summarizes the way certificates are used in WebSphere Partner Gateway. Certificate locations are shown in parentheses "( )".
Message delivery method (See note 1) | Hub operator certificate | Obtain certificate and CA from participant | CA (See note 2) | Give certificate to participant (See note 3) | Comments |
---|---|---|---|---|---|
Inbound SSL | Install on WebSphere Application server-side SSL. (Place in the WebSphere Application Server key store.) | N/A | Only needed if client authentication is used. (Place the CA or self-signed certificate in the WebSphere Application Server trust store.) | Hub operator certificate if self-signed or the CA root certificate if it is CA-authenticated. | |
Outbound SSL | If client authentication is being used. (WebSphere Partner Gateway) | Participant server-side certificate or CA root certificate if it is CA-authenticated. | WebSphere Partner Gateway | Hub Operator certificate if self-signed or public key if signed by a third party. | |
Inbound Encryption | Private key (WebSphere Partner Gateway) | N/A | N/A | Hub Operator certificate | For decrypting the message |
Inbound Signature | N/A | Certificate for validating the certificate used for the digital signature. (WebSphere Partner Gateway) | WebSphere Partner Gateway | N/A | For verification and nonrepudiation |
Outbound Encryption | N/A | Use the certificate obtained from the participant. (Certificate is installed in the participant's profile) | CA for client certificate if not self-signed | N/A | For encryption of outbound messages |
Outbound Signature | Private key (WebSphere Partner Gateway) | N/A | N/A | Optional, depending on partner; give WebSphere Partner Gateway public key | |
Certificate to DUNS validation | N/A | Load in participant profile | Load the same certificate (as the one in the column to the left) in the Hub Operator profile as the CA certificate | | Validates that this certificate is for this DUNS ID when the SSL check is done |