Multiple Certificates in Truststore
Angshuman
Posted: Fri Feb 03, 2012 3:10 am    Post subject: Multiple Certificates in Truststore

Apprentice

Joined: 30 Apr 2009
Posts: 29

Hi,

I have a requirement wherein I need to invoke one of multiple secured web services (Target). I am using just 1 HTTP Request node and creating the URLs dynamically based on the input message coming in.
Each of the target web services (1 for each store, and we have over 1000 stores) has a different certificate.
So I will have to put all those signed provider certificates in the broker truststore.

Now my query is: how do I associate each of the certificates with the request that I make?

From what I could understand, the provider system will send the digital certificate in the first place, and the broker will see if the authenticated certificate is present in the truststore (the broker does a search of all the certificates in the truststore).
Please correct me if I am wrong.

If the above is correct, will the performance not go for a toss when we have a larger number of certificates in the truststore? (In my case there will be more than 1000 different signed certificates in the truststore.)
lancelotlinc
Posted: Fri Feb 03, 2012 5:42 am

Jedi Knight

Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA

First off, you should be using SOAPRequest node, not HTTPRequest node.

Secondly, when you follow the guidance provided in InfoCentre related to WMB interaction with Web Services using SOAPRequest nodes, the WMB runtime very nicely handles the selection of the correct certificate.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
tdolby
Posted: Fri Feb 03, 2012 7:08 am

Newbie

Joined: 29 Jun 2004
Posts: 8

When you say

Quote:
Each of the target web services (1 for each store, and we have over 1000 stores) has a different certificate.


do you mean that they all have certificates issued by different authorities (self-signed counts as this, too)? Or are they simply different certificates issued by the same authority (VeriSign, an internal CA, etc.)?

If the certificates for all the servers were issued by the same authority, then you would normally only add the issuer cert to the broker truststore. This is similar to the way a web browser works: you don't need to add a new certificate for each server on the Internet, because most of the servers use a small set of Certificate Authorities (issuers) and the browsers already trust those issuers.

All of this assumes that you are only doing one-way authentication, and not mutual (or two-way); there are extra rules for two-way.
_________________
Trevor Dolby
IIB Development
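
The issuer-versus-per-server distinction from the reply above, as an added example that is not part of the original thread: a truststore holding only the issuing CA accepts every server certificate that CA signed, while a self-signed server needs its own entry. It uses the openssl CLI with a PEM bundle standing in for the broker truststore; the names corp-ca and store000N.example are constructed placeholders.

```bash
#!/bin/sh
# Constructed demo: corp-ca and store000N.example are placeholder names, not from the thread.
set -eu
work=$(mktemp -d)

# Create a self-signed certificate and key (used for the CA and for a self-signed server).
make_self_signed() {   # $1 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# Issue a server certificate signed by an existing CA.
issue_cert() {         # $1 = CA name, $2 = server name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
  openssl x509 -req -in "$work/$2.csr" -CA "$work/$1.pem" -CAkey "$work/$1.key" \
    -CAcreateserial -days 30 -out "$work/$2.pem" 2>/dev/null
}

# Succeeds only if the server certificate chains to an entry in the truststore bundle.
trusted() {            # $1 = truststore (PEM bundle), $2 = server name
  openssl verify -CAfile "$1" "$work/$2.pem" >/dev/null 2>&1
}

make_self_signed corp-ca
issue_cert corp-ca store0001.example
issue_cert corp-ca store0002.example
make_self_signed store0003.example     # self-signed: it is its own issuer

# Truststore with a single entry: the issuing CA.
cp "$work/corp-ca.pem" "$work/truststore.pem"
for s in store0001.example store0002.example store0003.example; do
  if trusted "$work/truststore.pem" "$s"; then
    echo "$s: trusted"
  else
    echo "$s: NOT trusted"
  fi
done

# The self-signed server only becomes trusted once its own certificate is added.
cat "$work/store0003.example.pem" >> "$work/truststore.pem"
if trusted "$work/truststore.pem" store0003.example; then
  echo "store0003.example: trusted after adding its own certificate"
fi
```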