| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| SSL configurations in SOAP node |
« View previous topic :: View next topic » |
| Author |
Message
|
| GeneRK4 |
 Posted: Sun Oct 20, 2013 5:28 pm Post subject: SSL configurations in SOAP node |
 |
|
Master
Joined: 08 Jul 2013
Posts: 220
|
I did a prototype for my new project where SSL is going to be implemented using SOAP nodes.
As I am doing this for the first time,I followed the ibm sites and I could successfully test it.
I need some expertise advice to understand and get clarifications on few things in which still I am not very clear...
1) When we design for SSL,should we have to ask? whether this is going to work on one-way SSL or two-way SSL?
2)What I did was...
Design:
I created keystore and truststore in Broker.Added Root,intermediate and signed certificates from CA.Added this for execution group where I have deployed SOAP message flow(SOAP Input node with HTTP transport set as HTTPS).
I just restarted the broker then.
Testing
I tested this flow by using Soap-ui tool.I used https://____ as the url in soapui testing.And when I use https ,the flow worked and gave proper output.When I use http,then the testing failed.
3)As the above POC worked ,where I installed certificate only in broker ,is it only One-way SSL that I used? how to configure for Two-way SSL (any reference please? ).Generally,the preference would be One-way or Two-way SSL?
4)For enabling SSL in SOAP ,whether checking the HTTPS property in the HTTP transport node of SOAP node would suffice? Or we need to set up WS-Security?
5)As the above mentioned POC worked,I just want to know how this internally works? After setting up everything I didnt install any certificates while testing.. I am not sure how SSL worked using Soapui tool after my configurations at Execution group level.
.Though I read through ibm sites and some forum,still I feel I am not clear on how this works and I have got the above doubts...Please help me on this.. |
|
| Back to top |
|
 |
| bielesibub |
| Posted: Fri Oct 25, 2013 8:15 am Post subject: |
|
|
Apprentice
Joined: 02 Jul 2008
Posts: 40
Location: Hampshire, UK
|
1) Yes, you should ask if you require SSL one-way or two-way.
2) Thats good.
3) clientAuth, its set at execution group level. This is for mutual (two-way) authentication.
4) Enabling SSL in SOAP? In simple terms, TLS/SSL is for securing the pipe, WS-Security is for securing the message
5) The POC has worked, if you only wanted to secure the connection to broker, it has failed if you wanted any kind of guarantee of knowing who it was that is connecting to you, it has also failed if you wanted any certainty that the message sent to the broker was infact the actual message sent from the consumer.
WS-Security, actually IT security in general is sadly a very necessary pain in the backside, which IMHO, is poorly understood (see your point 3) and poorly implemented in many places!
I feel like I've been drowning in it for the past 3 years! |
|
| Back to top |
|
|
| GeneRK4 |
| Posted: Sun Oct 27, 2013 5:40 pm Post subject: |
|
|
Master
Joined: 08 Jul 2013
Posts: 220
|
Thank you very much ...I was waiting for someone to answer for my doubts for a long time..Thanks much  |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
