Enable SSL encryption for published Web Services

If you want external Web Services clients to use an SSL connection with the Service Manager server, you must provide them with the CA certificate for the Service Manager server. If you purchased a server certificate, copy the CA certificate from the CA certificate keystore provided with your purchased certificate. If you generated your own server certificate by using a self-signed private CA certificate, copy the CA certificate from your private CA certificate keystore instead.

Note: We recommend you do not use the Service Manager sample server CA certificate because the sample certificate uses a canonical name (CN) for the server which will not match your actual server name. The best practice is to purchase or create a valid certificate for the Service Manager server in order to establish an SSL-encrypted connection with external web service clients.

  1. Copy the keystore that contains the CA certificate that signed your server's certificate, and send it to the systems running the external Web services clients. Out-of-box, the Service Manager uses a sample CA certificates keystore as part of the web tier.

    Note: We recommend using a CA certificate that you created or purchased instead of the default Service Manager CA certificate.

  2. Import the CA certificate of the Service Manager system into the CA certificate keystore of the external Web Services client. You may use a tool like keytool to import Service Manager's CA certificate.
  3. Configure the external Web Services client to use the update CA certificate keystore. Follow the instructions for your Web Services client to set the path to the CA certificate keystore.
  4. Update the endpoint URL the external Web Services clients use to include the HTTPS protocol. For example, https://myserver.mydomain.com:13443/SM/7/ws. Follow the instructions for your Web Services client to update the endpoint URL.

    Note: The endpoint URL must use the Service Manager server's common name (CN) as defined in the server certificate. For example, if the server certificate uses the name myserver.mydomain.com, then the endpoint URL must also use the name myserver.mydomain.com.

    Note: If you want the external Web Service clients to download the Service Manager Web Service WSDL, point them to a URL using the following format:
    https://myserver.mydomain.com:13443/SM/7/<Service Name>.wsdl

Related topics

Secure Sockets Layer (SSL) encryption and server certificates
Example: Generating a server certificate with OpenSSL
Example: Viewing the contents of a cacerts file

Related topics

Enable SSL encryption for external Web Services
Update the cacerts keystore file