Enable SSL encryption for external Web Services

If you want to connect to external Web Services using an SSL connection, you must import the CA certificate that signed the external Web serivce certificate into the CA certificate keystore for the Service Manager server. If you purchased a server certificate, import the external Web services CA certificate in the CA certificate keystore provided with your purchased certificate. If you generated your own server certificate by using a self-signed private CA certificate, then import the external Web Services CA certificate into your private CA certificate keystore instead.

Note: In this SSL scenario, the Service Manager server acts as a client of the external web service and must present the external web service with a valid certificate. If the external Web Service requires client authentication, you cannot use the Service Manager sample server certificate because the external web service will not recognize the signing authority of the sample certificate, and because the sample certificate uses a common name (CN) for the Service Manager host which will not match your actual Service Manager host name. We recommend you purchase or create a valid certificate for the Service Manager host in order to establish an SSL-encrypted connection with external Web Services.

  1. Import the CA certificate of the external Web Service into the CA certificate file of the Service Manager system. You may use a tool like keytool to import the external Web Service's CA certificate.
  2. Stop the Service Manager server.
  3. Open the Service Manager initialization file (sm.ini) with a text editor.
  4. Add the following parameters to require SSL encryption using the external Web Service's signed certificate.
    • keystoreFile – Identify the keystore file containing the Service Manager server's certificate and private key
    • keystorePass – Identify the password to the keystore file containing the Service Manager server's certificate and private key
    • truststoreFile:cacerts – Identify the keystore file containing the external Web Service's CA certificate.
    • truststorePass – Identify the password to the keystore file containing the external Web Service's CA certificate
  5. Save the Service Manager initialization file.
  6. Restart the Service Manager server.
  7. Login to the Service Manager system with an administrator.
  8. Click Tailoring > Web Services > Run WSDL to JS.
  9. Update the endpoint URL to the external Web Service to include the HTTPS protocol. For example, https://remote_server.remote_domain.com:13445/remote_service.wsdl.

    Note: The endpoint URL must use the same server name as the common name (CN) listed in the external server certificate. For example, if the certificate uses the name remote_server.remote_domain.com, then the endpoint URL must also use the name remote_server.remote_domain.com.

  10. Complete the wizard to connect to the external Web Service and convert it's WSDL into local JavaScript proxy code.

Related topics

Secure Sockets Layer (SSL) encryption and server certificates
Example: Generating a server certificate with OpenSSL
Example: Viewing the contents of a cacerts file

Related topics

Enable SSL encryption for published Web Services
Update the cacerts keystore file