Java 5 / WebSphere 6.1 SSL Client Outbound Call

Everyone

In WAS 6.1 I want to set our ClientTrustStore.JCEKS file to an SSL call.
It used to work in WAS 5.1.

We migrated to WAS 6.1.
I have seen variations of using package classes 'com.ibm.ssl.*' and the IBM jsseHelper class.

Can someone give me a tip of how to correctly code an SSL call in WAS 5.1?

Thanks



public static String routeRequests(String endPoint, String xmlXML)
        throws ProcessMeException, RemoteException, AuthenticationFault,
               InvalidXMLFault, InternalServerException, InvalidDataException {
    String xmlResponse = "";

    ProcessMeEJBProxy ProcessMeEJBProxy = new ProcessMeEJBProxy();

    ProcessMeEJBProxy.setEndpoint(endPoint);

    //System.setProperty("javax.net.ssl.trustStore", "C:\\keyStore\\clienttruststore.jceks");
    System.setProperty("javax.net.ssl.trustStore", "/etc/opt/WebSphereKeys/consapp/clienttruststore.jceks");

    xmlResponse = ProcessMeEJBProxy.process(xmlXML);

    return xmlResponse;
}

fshtank Asked:

CEHJ Commented:
0
fshtank (Author) Commented:
Thanks for the reply.

I had our ADMIN make the change at our NODE level.
It had paralyzed several systems & prevented one of our nodes from starting.
Wasted hours for research.

Very Messy - and implementing the change (just for our application) would be extensive.

It will only live in STAGE for testing.
This will not go to PROD - so we are going the path of putting it in code.
0
CEHJ Commented:
That's strange - it's meant almost to be a control panel issue, isn't it? And should only need to be done on the one server.
0

AdminRAM Commented:
Hi

Check this

Here is an example that creates an SSLEngine. Note that the server name and port number are not used for communicating with the server--all transport is the responsibility of the application. They are hints to the JSSE provider to use for SSL session caching, and for Kerberos-based cipher suite implementations to determine which server credentials should be obtained.

import java.io.FileInputStream;
import java.security.*;
import javax.net.ssl.*;

// Create/initialize the SSLContext with key material

char[] passphrase = "passphrase".toCharArray();

// First initialize the key and trust material.
// Each store is loaded through its own variable (ksKeys / ksTrust).
KeyStore ksKeys = KeyStore.getInstance("JKS");
ksKeys.load(new FileInputStream("testKeys"), passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("testTrust"), passphrase);


For more detail, see the following link:
http://www.ibm.com/developerworks/java/jdk/security/50/secguides/jsse2Docs/JSSE2RefGuide.html

0
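Added example, not part of the original thread and not IBM's code: loading the question's kind of truststore (JCEKS) in code and scoping it to one SSLSocketFactory instead of the JVM-wide `javax.net.ssl.trustStore` property. The class name `JceksTrustExample`, the helper `socketFactoryFor`, the sample password and the temp file are all constructed for illustration; the code avoids post-Java-5 syntax.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class JceksTrustExample {
    // Build a socket factory that trusts only the certificates in one store.
    // 'type' must match the file format: a JCEKS file opened as "JKS" fails.
    static SSLSocketFactory socketFactoryFor(String path, String type, char[] password)
            throws Exception {
        KeyStore trust = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(path);
        try {
            trust.load(in, password); // the password also integrity-checks the store
        } finally {
            in.close();
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material
        return ctx.getSocketFactory();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty JCEKS store written to a temp file.
        char[] password = "sample-password".toCharArray();
        File file = File.createTempFile("clienttruststore", ".jceks");
        file.deleteOnExit();
        KeyStore empty = KeyStore.getInstance("JCEKS");
        empty.load(null, password);
        FileOutputStream out = new FileOutputStream(file);
        try {
            empty.store(out, password);
        } finally {
            out.close();
        }
        System.out.println("JCEKS: " + (socketFactoryFor(file.getPath(), "JCEKS", password) != null));
        try {
            socketFactoryFor(file.getPath(), "JKS", password); // wrong store type
        } catch (IOException e) {
            System.out.println("JKS: rejected, " + e.getClass().getName());
        }
    }
}
```

The returned factory can be applied to a single connection, for example with `HttpsURLConnection.setSSLSocketFactory`, so other applications in the same JVM keep their own trust settings. How it is wired into the generated `ProcessMeEJBProxy` depends on the web-services stack and is not shown in the thread.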
fshtank (Author) Commented:
Hey AdminRAM - I will try your solution in code and see how that plays in our standalone application.  This could.

CEHJ - actually you are right - it was a console issue.
The SSL CERT was supposed to be applied at the NODE 'and the' cell level.
We are using a managed console and having the SSL cert at the NODE broke the CELLS communication to the NODE.
0
AdminRAM Commented:
Hello

In v6.1 the truststore is common for all nodes in an ND environment.

This is the celldefaulttruststore, shared by all nodes in that cell environment. Any outbound SSL call will use the certificates that reside under the signer certificates of this celldefaulttruststore.

Really, you don't need to hard-code any keystore or truststore to create an SSLEngine. You can leave WebSphere to decide its own SSL engine.

v6.1 makes this easy: you use dynamic outbound SSL configuration. Check the following link:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/usec_ssldynendconf.html
0
fshtank (Author) Commented:
The problem in our environment is the separation of roles - and my inability to work directly in the target environment's ADMIN console.

Updating the TrustStoreKey resolved the issue
0