Https web service provider

Bertus_Botha1 · May 8, 2015, 10:49am

Hi,

I would like to convert one of my internal http SOAP web services on the integration server to a https web service. I am new to the concept of working with SSL and certificates. Can someone please help me with simple steps on how to achieve this?

When I try to change the Transport of the web service provider from http to https, I get the error: “Selected transport protocol does not match that of the primary port on the Integration Server.” As far as I know I need to create an HTTPS port on the integration server but for that I need to create a keystore alias or else I get the “Keystore alias is empty. Specify a keystore alias for the port or a global SSL keystore alias on the Security > Certificates > Edit page” error. Where can I get a certificate to import for the integration server?

What else do I need to do to get this working?

Regards,
Bertus

Holger_von_Thomsen · May 8, 2015, 1:42pm

Hi Bertus,

you can create one yourself by using OPENSSL.

If you have MWS installed there is a SAG demo certificate available which can be used for testing.

Import the certificate (Keystore and Truststore) under Security → Keystore.
Then under Security → Certificates assign the Keystore and Truststore alises to corresponding functions.
After that you should be able to create an HTTPS Port.
Assign this port to the web servcice provider.

Regards,
Holger

Bertus_Botha1 · May 8, 2015, 4:45pm

Hi Holger,

Thanks for you reply. I was able to setup my keystore and truststore under Security → Keystore, but when I go to Security → Certificates and try assign the Keystore Alias and Key Alias, the Key Alias drop-down is blank when I select my Keystore Alias. Any ideas why this would be happening?

I used a self-signed certificate to create the java truststore and the PKCS#12 keystore in the guide I found in the attached PDF.

Regards,
Bertus
MWS_SSL_article.pdf (263 KB)

Holger_von_Thomsen · May 11, 2015, 11:06am

Hi Bertus,

were there any messages while importing the keystore and trustsore?

Maybe an issue with the aliases for the keys.

As we always use CA-based certificates (even when we are using our custom CAs) we never had problems like this.
In our case the CA will be the jks for the truststore and the pk and the signed certificate (either by our own CA or by a CA hosted by our company´s security department) will form the PCKS#12 for the keystore.
After that we were able to set the certificates for the HTTPS.

Regards,
Holger