Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Websphere SSL - Sharing Public Key

Posted on 2008-10-14
4
Medium Priority
?
760 Views
Last Modified: 2013-12-11
Hi,

I am in  urgent need of a solution. Request your help.

I am using JSCH API to FTP documents to a third party site.  I am able to connect to their site by supplying credentials but they have told us that they would not accept credentials but only Public key.

From the websphere console, I went to SSL Configuration tab, and under 'Manage End Points, from the outbound node, I configured to use the default self-signed certificate for the cell.

I am assuming that I should be sharing the 'serverCertificate.arm' file under etc folder to this third-party.


My question is: Will this setting enable my application to connect to the third-party server without me writing Custom SSLFactory?

Thanks




0
Comment
Question by:pattabi23in
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 41

Accepted Solution

by:
HonorGod earned 2000 total points
ID: 22721358
It depends.

From your description, it sounds like you have an application that executes on
your application server that initiates the connection to the third part site.  Is that correct?

If so, then, you need to extract the public portion of the certificate being used, and provide that to the third party.  Here is a page from the 6.1 documentation that discusses certificate management:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/csec_sslcertmanadmin.html

On the other hand, if the request for an SSL connection comes from the third part site, then the "public" key that you need to share with the third party site should be that of your web server, not your application server.

Hopefully, this make sense to you.
0
 

Author Comment

by:pattabi23in
ID: 22721683
Thank you for the response. Yes, my application code executing on my App server is initiating the connection.
So my understanding from your response is that once I share the public portion of the key, Websphere (network layer?) will take care of handshake without any SSL specific changes in my code. Another application within our company is using SSL api to create SSLSocket factory and SSLContext - attached code snippet). I guess this is not required if I have this configuration setup through Admin console. Right?


Thanks  

   


code-snippet.txt
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 22724891
Q: ... once I share the public portion of the key, Websphere
     will take care of handshake without any SSL specific changes in my code.
     Is this correct?

A: Yes

Q: Do we need to use an SSL API to do this?
A: I don't believe so, but I guess it depends upon how your code
    opens the connect to the destination.  That is an interesting question.
    I know that should an SSL connection from a remote application (e.g.,
    a browser) be established to the web server, the connection from the
    web server (i.e., the WebSphere plugin portion of the web server)
    doesn't have to use an SSL connection to connect to the application
    server (but it can).  Once the connection is established between the
    plugin and the application server, the WebContainer will route the
    request to the specific application in question, and that application
    does not know, nor should it care whether or not the data was
    sent over an SSL, or standard HTTP session.
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 22724930
Thanks for the grade & points!

Good luck & have a great day
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This exercise is about for the following scenario: Dmgr and One node with 2 application server. Each application server contains it owns application. Application server name as follows server1 contains app1 server2 contains app1 Prereq…
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question