We have implemented WS security facility for one of the consumer. It is currently implemented using SOAP over HTTP.
There is requirement from the project, that this consumer WSD should support for HTTPS. We have added the partner certificate in our truststore. We are receiving the below SSL handshake errors when we invoke the connector.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
We just want to understand If WS Security implemented via WS Security facility(Handler service attached to WSD) and SSL supported for the Consumer WSD. Below is the extract from the Webservices developer guide,
Integration Server support of WS-Security when using the WS-Security facility does not enable or enforce any of the transport-level security measures provided by SSL and HTTP authentication.
Will SSL works for Consumer WSD which implements WS Security via WS Security facility? or Do we need to use WS Security via Policy files?
Thanks in Advance.
To answer one of your questions, yes I think it should be supported to use the old ws-security facility with HTTPS.
The IS Web Services Guide documentation right above the other Note you reference says:
Note that the two security architectures are not mutually exclusive. You can design a solution for your web services that uses a transport-based security architecture such as SSL to secure the connection endpoints, along with a message-based, WS-Security implementation.
I think that the Note you refer to was simply saying that using the ws-security Facility does not automatically enable or support any transport level security measures, you still need to enable & configure them separately.
To answer the other question, Will SSL works for Consumer WSD which implements WS Security via WS Security facility? or Do we need to use WS Security via Policy files?, I think the answer is yes it should work. But, it is worth noting that the WS-Security Facility has been officially deprecated as of the 10.4 release. It existed for backward compatibility of web services created before IS 8.2 and it is advised that anyone making use of the ws-security Facility or the Pre 8.2 compatibility mode in general, migrate away from it as soon as possible.