Java 5 / WebSphere 6.1 SSL Client Outbound Call

Everyone

In WAS 6.1 I want to set our ClientTrustStore.JCEKS file to an SSL call.
It used to work in WAS 5.1.

We migrated to WAS 6.1.
I have seen variations of using package classes 'com.ibm.ssl.*' and the IBM jsseHelper class.

Can someone give me a tip of how to correctly code an SSL call in WAS 5.1?

Thanks



public static String routeRequests(String endPoint, String xmlXML)
        throws ProcessMeException, RemoteException, AuthenticationFault,
               InvalidXMLFault, InternalServerException, InvalidDataException {
    String xmlResponse = "";

    // Generated web-service proxy, pointed at the target endpoint
    ProcessMeEJBProxy proxy = new ProcessMeEJBProxy();
    proxy.setEndpoint(endPoint);

    // JVM-wide setting: names the truststore file JSSE should use by default
    //System.setProperty("javax.net.ssl.trustStore", "C:\\keyStore\\clienttruststore.jceks");
    System.setProperty("javax.net.ssl.trustStore", "/etc/opt/WebSphereKeys/consapp/clienttruststore.jceks");

    // Outbound SSL call
    xmlResponse = proxy.process(xmlXML);

    return xmlResponse;
}


fshtank Asked:
 
CEHJ Commented:
That's strange - it's meant almost to be a control panel issue, isn't it? And should only need to be done on the one server.
 
fshtank (Author) Commented:
Thanks for the reply.

I had our ADMIN make the change at our NODE level.
It had paralyzed several systems & prevented one of our nodes from starting.
Wasted hours for research.

Very Messy - and implementing the change (just for our application) would be extensive.

It will only live in STAGE for testing.
This will not go to PROD - so we are going the path of putting it in code.
 
AdminRAM Commented:
Hi

Check this

Here is an example that creates an SSLEngine. Note that the server name and port number are not used for communicating with the server--all transport is the responsibility of the application. They are hints to the JSSE provider to use for SSL session caching, and for Kerberos-based cipher suite implementations to determine which server credentials should be obtained.

import java.io.FileInputStream;
import java.security.*;
import javax.net.ssl.*;

// Create/initialize the SSLContext with key material

char[] passphrase = "passphrase".toCharArray();

// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
ksKeys.load(new FileInputStream("testKeys"), passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("testTrust"), passphrase);


For more detail, see the following link:
http://www.ibm.com/developerworks/java/jdk/security/50/secguides/jsse2Docs/JSSE2RefGuide.html
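
Added example, not part of the original thread or of IBM's guide: the asker's code sets the truststore through a JVM-wide system property, which in a shared server changes trust for every other outbound SSL call. This sketch loads a JCEKS truststore into its own SSLContext and applies it to a single connection using plain JSSE. The class name, the command-line arguments and the use of HttpsURLConnection in place of the thread's generated proxy are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; standalone client, no WebSphere APIs involved.
public class ScopedTrustStoreClient {

    /** Builds a socket factory that trusts only the signers in the given JCEKS file. */
    static SSLSocketFactory socketFactoryFor(String path, char[] password) throws Exception {
        // The keystore type must match the file format: a JCEKS file
        // has to be opened as "JCEKS", not as the default "JKS".
        KeyStore trust = KeyStore.getInstance("JCEKS");
        InputStream in = new FileInputStream(path);
        try {
            trust.load(in, password); // the password is used for the integrity check
        } finally {
            in.close();
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // Trust-only context: no key managers, so no client certificate is presented.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments for the demo: truststore path, truststore password, https URL.
        SSLSocketFactory factory = socketFactoryFor(args[0], args[1].toCharArray());

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        // Applies to this connection only; the javax.net.ssl.* system properties
        // and the default SSLContext seen by other code in the JVM are untouched.
        conn.setSSLSocketFactory(factory);
        System.out.println("HTTP " + conn.getResponseCode() + " via " + conn.getCipherSuite());
        conn.disconnect();
    }
}
```

A server whose certificate chain does not lead to a signer in the file fails the handshake with an SSLHandshakeException, which is the behaviour to check for when testing a new truststore.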

 
fshtank (Author) Commented:
Hey AdminRAM - I will try your solution in code and see how that plays in our standalone application.  This could.

CEHJ - actually you are right - it was a console issue.
The SSL CERT was supposed to be applied at the NODE 'and the' cell level.
We are using a managed console and having the SSL cert at the NODE broke the CELLS communication to the NODE.
 
AdminRAM Commented:
Hello

In v6.1 the truststore is common to all nodes in an ND environment.

That is the CellDefaultTrustStore, shared by all nodes in that cell environment.
Any outbound SSL call will use the certificates that reside under the signer certificates of this CellDefaultTrustStore.

Really, you don't need to hard-code any keystore or truststore to create an SSLEngine. You can leave WebSphere to decide its own SSL engine.

v6.1 makes it so easy: you use dynamic outbound SSL configuration. Check the following link:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/usec_ssldynendconf.html
 
fshtank (Author) Commented:
The problem in our environment is the separation of roles - and my inability to work directly in the target environment's ADMIN console.

Updating the TrustStoreKey resolved the issue
Question has a verified solution.