Question

4
Replies
739
Views
GordianB Member since 2014 2 posts
Infosys Limited
Posted: 4 years ago
Last activity: 4 years 2 months ago
Closed

Use Websphere truststore for Connect-SOAP

Hi all,

the regular approach for using an SSL secured connection for a Connect-SOAP call would be adding the CA certificate as a truststore instanz, referencing this truststore in a WS-Security profile and using this WS-Security profile in the Connect-SOAP rule.

The current business requirement is to not put the truststore inside PRPC again, but to use the ones installed on the WebSphere Application Server. Do you know if and how it is possible to configure the connector rule resp. the WS-Security profile to point to certificates installed outside PRPC?

Thanks and best regards,

Gordian

Data Integration Security
Close popover
Moderation Team has archived post
Posted: 4 years ago

Hi Gordian,

Pega is designed to use the Application Server-level trust store by default. The trust store in the WS Security Profile is an option for those who cannot install the CA certificates at the application server or do not wish to do so (or when needed for actual WS Security purposes rather than just SSL).

I encourage you to install the CA certificates in the Application Server's trust store and attempt use of your SOAP Connector.

To help us further understand your situation, please provide these details:

  1. Pega Version
  2. WebSphere Version
  3. Java version

thanks,

- Jeff

Posted: 4 years ago
Updated: 4 years ago

Hi Jeff,

thanks for your answer - our setup is:

  1. Pega 7.1.8
  2. IBM WebSphere Application Server/8.5 (WAS 8.5.5.4)
  3. Java VM vendor / version: IBM Corporation / 2.7

The certificates were deployed in the application server's trust store on JVM level. Apparently this should work, but how do I configure the connector?

Connect SOAP Advanced.PNG

How do I point a WS security profile to the application server's trust store?

Thanks,

Gordian

Posted: 4 years ago

If your trust store is configured at the application server level, Pega should be able to find it without any intervention on your part, as it will ask the JRE for the available truststores.


How was this trust store set up for your WAS installation?
Share this page LinkedIn
Copied!