If you are using the Web Services Atomic Transaction (WS-AT) or Web Services
Business Activity (WS-BA) support in a secure environment, you might
need to change the default transaction service configuration. For
example, you might want to use an alternative port number for WS-AT
or WS-BA protocol messages; you might be interoperating with a non-WebSphere
Application Server product that requires client certificate authentication
on the Secure Sockets Layer (SSL) connection that is used for protocol
messages; or you might not need to use WebSphere Application Server
in a Common Criteria EAL4 evaluated configuration.
About this task
This task consists of the following subtasks. Perform
one or more of the subtasks depending upon your requirements:
- Disable WebSphere Application Server protocol security, which
is enabled by default. Perform this subtask if you want to interoperate
transactionally with other servers when the server is not in a Common
Criteria EAL4 evaluated configuration.
- Configure a new Web container transport
chain for use by WS-AT or WS-BA. When global security is enabled,
the transaction service, by default, uses the default secure Web container
transport chain: WCInboundDefaultSecure. By configuring a new transport
chain, you can specify settings that are different from those in the
default transport chain. For example, you can specify an alternative
SSL repertoire that requires client certificate authentication.
Procedure
- Disable WebSphere Application Server protocol security.
  - In the administrative console, click server_name
  - Clear the Enable protocol security check box.
  - Click OK and save your changes to the master configuration.
- Create a new Web container transport chain for WS-AT or WS-BA.
  - In the administrative console, click > server_name.
  - Under Container Settings click .
  - Click New to create a new transport chain.
  - Type a name for the transport chain.
  - From the transport chain template list, select the WebContainer-Secure template.
  - Click Next to select a new port for the chain.
  - Type a name, host, and port number for the port.
    The host should match the common name in the certificate that is used.
  - Click Next.
  - Confirm the settings, then click Finish.
  - Save your changes to the configuration.
  - Create a new SSL repertoire as appropriate and associate
    it with the SSL channel that is associated with your new chain.
  You are now ready to configure the transaction service
  to use the new transport chain.
  - Return to the server page by clicking > server_name.
  - Under Container Services, select Transaction Service.
  - Under Additional Properties, select Custom Properties.
  - Click New to create a new custom property.
  - Enter WSTX_SECURE_TRANSPORT_CHAIN as the name of the property,
    and the name of the secure Web container transport chain that
    you created earlier as the value.
  - Click OK and save your changes to the master configuration.
- After you have saved all the configuration changes that
  you require, restart the server for the changes to take effect.
Results
You configured your system to use WS-AT or WS-BA in a secure environment.
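The custom-property step above can also be scripted. The following wsadmin Jython sketch is an added example, not part of the original documentation: it sets WSTX_SECURE_TRANSPORT_CHAIN only if a transport chain with that name is already defined for the server. CELL, NODE, SERVER and CHAIN are placeholders, and it assumes the transaction service's custom properties are Property objects under the TransactionService configuration object.

```python
# wsadmin Jython; run with: wsadmin -lang jython -f <this file>
# Added example. CELL, NODE, SERVER and CHAIN are placeholders.

PROP = 'WSTX_SECURE_TRANSPORT_CHAIN'


def chain_names(admin_config, server_id):
    """Return the names of all transport chains defined for the server."""
    ids = admin_config.list('Chain', server_id).splitlines()
    return [admin_config.showAttribute(c, 'name') for c in ids if c]


def set_secure_chain(admin_config, server_id, chain):
    """Set the transaction service custom property to an existing chain.

    Raises ValueError if no chain with that name is defined, so a typo
    is caught before anything is written to the configuration.
    Returns 'created', 'updated' or 'unchanged'.
    """
    if chain not in chain_names(admin_config, server_id):
        raise ValueError('transport chain not defined: ' + chain)
    # Assumption: the server has exactly one TransactionService object.
    ts = admin_config.list('TransactionService', server_id).splitlines()[0]
    for p in admin_config.list('Property', ts).splitlines():
        if p and admin_config.showAttribute(p, 'name') == PROP:
            if admin_config.showAttribute(p, 'value') == chain:
                return 'unchanged'
            admin_config.modify(p, [['value', chain]])
            return 'updated'
    admin_config.create('Property', ts, [['name', PROP], ['value', chain]])
    return 'created'


# wsadmin provides AdminConfig as a global; this part is skipped when the
# file is only imported outside wsadmin.
if globals().get('AdminConfig') is not None:
    admin = globals()['AdminConfig']
    server = admin.getid('/Cell:CELL/Node:NODE/Server:SERVER/')
    print(set_secure_chain(admin, server, 'CHAIN'))
    admin.save()
```

The script only writes the property and saves the configuration; the server still has to be restarted for the change to take effect, as in the last step of the procedure.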