Certificate overview

Table 18 summarizes the way certificates are used in WebSphere Partner Gateway. Certificate locations are shown in parentheses "( )".

Table 18. Certificate summary information
| Message delivery method (See note 1) | Hub operator certificate | Obtain certificate and CA from participant | CA (See note 2) | Give certificate to participant (See note 3) | Comments |
| --- | --- | --- | --- | --- | --- |
| Inbound SSL | Install on WebSphere Application server-side SSL. (Place in the WebSphere Application Server key store.) | N/A | Only needed if client authentication is used. (Place the CA or self-signed certificate in the WebSphere Application Server trust store.) | Hub operator certificate if self-signed or the CA root certificate if it is CA-authenticated. | |
| Outbound SSL | If client authentication is being used. (WebSphere Partner Gateway) | Participant server-side certificate or CA root certificate if it is CA-authenticated. | WebSphere Partner Gateway | Hub Operator certificate if self-signed or public key if signed by a third party. | |
| Inbound Encryption | Private key (WebSphere Partner Gateway) | N/A | N/A | Hub Operator certificate | For decrypting the message |
| Inbound Signature | N/A | Certificate for validating the certificate used for the digital signature. (WebSphere Partner Gateway) | WebSphere Partner Gateway | N/A | For verification and nonrepudiation |
| Outbound Encryption | N/A | Use the certificate obtained from the participant. (Certificate is installed in the participant's profile) | CA for client certificate if not self-signed | N/A | For encryption of outbound messages |
| Outbound Signature | Private key (WebSphere Partner Gateway) | N/A | N/A | Optional, depending on partner; give WebSphere Partner Gateway public key | |
| Certificate to DUNS validation | N/A | Load in participant profile | Load the same certificate (as the one in the column to the left) in the Hub Operator profile as the CA certificate | | Validates that this certificate is for this DUNS ID when the SSL check is done |

Notes:
  1. An inbound message is one coming into WebSphere Partner Gateway from a participant. An outbound message is one going out of WebSphere Partner Gateway to a participant.
  2. If the certificate is CA-issued, the issuing CA certificate must be obtained and stored. This applies to either the Hub Operator certificate or the participant's certificate.
  3. If a private key is involved, this certificate corresponds to the private key.

Copyright IBM Corp. 2003, 2005