Configure client-side SSL for Web services

Transport level security is based on Secure Sockets Layer (SSL) or Transport Layer Security (TLS) that runs beneath the HTTP protocol. Both provide security features including authentication, data protection, and cryptographic token support for secure HTTP connections. To run with HTTPS, the service endpoint address must be in the form of https://.

SSL and TLS protect the integrity and confidentiality of transport data, including Simple Object Access Protocol (SOAP) messages and HTTP basic authentication. WebSphere Application Server - Express uses Java Secure Sockets Extension (JSSE) to support SSL and TLS.

The server-side, or service endpoint, transport level security is based on the Secure Sockets Layer (SSL) configuration of the WebSphere Application Server - Express Web container. See Configure SSL in WebSphere Application Server - Express in the Security topic for more information.

To configure the client-side transport level security, perform the following steps:

  1. Create an SSL repertoire configuration entry for an existing service endpoint that acts as a service client. For more information, see Use SSL configuration repertoires in the Security topic.

  2. Define the attribute sslConfig with the value of the alias name in the ibm-webservicesclient-bnd.xmi file. For example:

    <sslConfig name="default/DefaultSSLSettings"/>

    Note: If the attribute is not defined, the default SSL setting is used for JSSE.

  3. Set the system property, com.ibm.webservices.sslConfigURL, to the property file. For example:

    -Dcom.ibm.webservices.sslConfigURL=${USER_INSTALL_ROOT}/properties/sas.client.props

    Note: If the property sslConfigURL is not defined, the default SSL setting is used for JSSE.

  4. (Optional) Set the system properties of an unmanaged service client by using the -D option of the Java command. Alternatively, you can call the System.setProperty (propertyName, "propertyValue") method, where propertyName is the name of a property, and propertyValue is the value of the property.

    Using either method, set values for the following properties:

  5. (Optional) Redirect the Simple Object Access Protocol (SOAP) request from a client to a service endpoint so that it is sent over HTTPS. Complete this step if a transport guarantee of CONFIDENTIAL or INTEGRAL is configured for a secured Web application.

    To redirect the request, set the system property com.ibm.ws.webservices.HttpRedirectEnabled to true for the entire Java virtual machine.

    Alternatively, you can set the property com.ibm.wsspi.webservices.Constants.HTTP_REDIRECT_ENABLED to true in the stub or call instance, before the method is invoked.

  6. After you have deployed your application, edit the SSL configuration with the WebSphere administrative console.
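
As the notes in steps 2 and 3 state, a missing setting does not cause a failure: the default SSL setting is used for JSSE instead. The following added example (not from the original page or from IBM) is a pre-flight check that an unmanaged service client can run at startup to catch that case. The class name ClientSslPreflight, the sample endpoint, and the acceptance of a file: URL as well as a plain path are assumptions, and the code assumes Java 8 or later.

```java
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

// Added example, not IBM code: pre-flight check for an unmanaged service client.
public class ClientSslPreflight {
    // Property name taken from step 3 of the procedure.
    static final String SSL_CONFIG_URL = "com.ibm.webservices.sslConfigURL";

    /** Returns the problems found; an empty list means both checks passed. */
    static List<String> check(String endpoint) {
        List<String> problems = new ArrayList<>();
        // The service endpoint address must be in the form https://
        try {
            if (!"https".equalsIgnoreCase(URI.create(endpoint).getScheme())) {
                problems.add("endpoint is not an https:// address: " + endpoint);
            }
        } catch (IllegalArgumentException e) {
            problems.add("endpoint is not a valid URI: " + endpoint);
        }

        // An unset property is not an error at run time: JSSE defaults are used.
        String cfg = System.getProperty(SSL_CONFIG_URL);
        if (cfg == null || cfg.trim().isEmpty()) {
            problems.add(SSL_CONFIG_URL + " is not set; the default SSL setting for JSSE applies");
            return problems;
        }
        try {
            // Accept a file: URL or a plain path (the form shown in step 3).
            Path p = cfg.startsWith("file:") ? Paths.get(URI.create(cfg)) : Paths.get(cfg);
            if (!Files.isRegularFile(p) || !Files.isReadable(p)) {
                problems.add(SSL_CONFIG_URL + " names an unreadable file: " + p);
            }
        } catch (RuntimeException e) {
            problems.add(SSL_CONFIG_URL + " is not a usable path or file: URL: " + cfg);
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample endpoint; pass the real address as the first argument.
        List<String> problems = check(args.length > 0 ? args[0] : "https://localhost:9443/services/Sample");
        problems.forEach(p -> System.err.println("WARN: " + p));
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

Run it with the same -D options as the client itself, so that it sees the system properties the client will see.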