Creating SSL configurations
You can create a Secure Sockets Layer (SSL) configuration that describes the settings for a service request that uses SSL certification mechanisms. SSL configurations can be associated with any service request that uses the HTTP or IBM® WebSphere® MQ transport protocols.
Before you begin
If you are using SSL, ensure that you have valid certificate keystore files in your workspace.
If you are using SOAP security, ensure that you have configured the environment with the correct libraries and configuration files. See Configuring the environment for SOAP security for more information.
About this task
Procedure
- Click the Generic service client toolbar push button to open the generic service client, and click the Transport tab.
- Either open an existing HTTP or WebSphere® MQ transport configuration, or create a new one, and then click Configure SSL.
- Click Rename to rename the default SSL configuration or New to create one.
- Specify the following settings for the SSL configuration.
- Server Authentication
- This section describes how the client trusts the server.
- Always trust server
- Select this option if no authentication is required or to ignore server certificates so that all servers are trusted. If you are using single authentication and you want to accept trusted servers only, then disable this option and specify a truststore that contains the trusted server certificates.
- Client truststore
- When you are using single authentication, the client truststore contains the certificates of all trusted servers. Click Browse to specify a KS, JKS, or JCEKS file containing valid certificates of the trusted servers.
- Password
- If the client truststore file is encrypted, type the password required to access the file.
- Mutual Authentication
- This section describes how the server trusts the client in addition to server authentication.
- Use client-side certificate
- If you are using double authentication, select this option to
specify a keystore containing the client certificate. This certificate
allows the server to authenticate the client.
- Client certificate keystore
- Click Browse to specify a KS, JKS, or JCEKS file containing a valid certificate that authenticates the client.
- Password
- If the client truststore file is encrypted, type the password required to access the file.
- Select trust alias for Mutual Authentication
- Select an alias to be used for the SSL configuration. There could be multiple aliases in a keystore for different security certificates. Choose an appropriate alias for a user. You can also use dataset to store aliases that you can apply to virtual users at run time.
Note: You can copy the contents from an SSL configuration into another SSL configuration by using Copy and Paste in the SSL editor. - Click OK to create the configuration, and close the SSL editor.