Configure Web services for digital signing

To protect message integrity, you can configure your Web services to digitally sign the body, timestamp, or security token in a SOAP message, and to verify those digital signatures.

To configure digital signing for your Web service, perform the following steps:

  1. Configure a key locator
    Key locators are used to find keys for digital signature and encryption. WebSphere Application Server - Express provides default key locators that you can use with your digital signature configuration, or you can develop your own.

  2. Configure a collection certificate store
    A collection certificate store contains CA certificates that are used to verify digital signatures. See this topic for information about configuring a collection certificate store for your Web services.

  3. Configure trust anchors
    A trust anchor specifies key stores that contain root-trusted certificates that are used to validate the signer certificate of the digital signature. See this topic for information about configuring a trust anchor for your Web services.

  4. Configure the client for request signing
    Configure your Web services client to digitally sign its requests to the server.

  5. Configure the client for response digital signature verification
    Configure your Web services client to verify digital signatures in responses from the server.

  6. Configure the server for request digital signature verification
    Configure your Web service to verify digital signatures in requests it receives from the client.

  7. Configure the server for response signing
    Configure your Web service to digitally sign its responses to the client.