You can create a Secure Sockets Layer (SSL) configuration
that describes the settings for a service request that uses SSL certification
mechanisms. SSL configurations can be associated with any service
request that uses the HTTP or IBM WebSphere MQ transport protocols.
Before you begin
If you are using SSL, ensure that you have valid certificate
keystore files in your workspace.
If you are using SOAP security,
ensure that you have configured the environment with the correct libraries
and configuration files. See Configuring the environment for SOAP security for
more information.
Procedure
- Click the Generic service client
toolbar push button to open the generic service
client, and click the Transport tab.
- Either open an existing HTTP or WebSphere MQ protocol,
or create a one, and then click Open SSL Editor.
- Click Rename to rename
the default SSL configuration or New
to
create one.
- Specify the following settings for the SSL configuration.
- Server Authentication
- This section describes how the client trusts the server.
- Always trust server
- Select this option if no authentication is required or to ignore
server certificates so that all servers are trusted. If you are using
single authentication and you want to accept trusted servers only,
then disable this option and specify a truststore that contains the
trusted server certificates.
- Client truststore
- When you are using single authentication, the client truststore
contains the certificates of all trusted servers. Click Browse to
specify a KS, JKS, or JCEKS file containing valid certificates of
the trusted servers.
- Password
- If the client truststore file is encrypted, type the password
required to access the file.
- Mutual Authentication
- This section describes how the server trusts the client in addition
to server authentication.
- Use client-side certificate
- If you are using double authentication, select this option to
specify a keystore containing the client certificate. This certificate
allows the server to authenticate the client.
- Client certificate keystore
- Click Browse to specify a KS, JKS, or JCEKS
file containing a valid certificate that authenticates the client.
- Password
- If the client truststore file is encrypted, type the password
required to access the file.
Note: You can copy the contents from an SSL configuration
into another SSL configuration by using
Copy 
and
Paste 
in
the SSL editor.
- Click OK to create the configuration,
and close the SSL editor.
What to do next
When the SSL configuration is created, you can use the SSL
configuration with any service call that uses SSL certification. You
can use the SSL editor to edit existing configurations.