Question

4
Replies
775
Views
Close popover
Gordian Bartel (GordianB)
Infosys Limited

Infosys Limited
DE
View Profile
GordianB Member since 2014 2 posts
Infosys Limited
Posted: July 1, 2016
Last activity: July 14, 2016
Closed

Use Websphere truststore for Connect-SOAP

Hi all,

the regular approach for using an SSL secured connection for a Connect-SOAP call would be adding the CA certificate as a truststore instanz, referencing this truststore in a WS-Security profile and using this WS-Security profile in the Connect-SOAP rule.

The current business requirement is to not put the truststore inside PRPC again, but to use the ones installed on the WebSphere Application Server. Do you know if and how it is possible to configure the connector rule resp. the WS-Security profile to point to certificates installed outside PRPC?

Thanks and best regards,

Gordian

Data Integration Security
Close popover
Moderation Team has archived post
Posted: 4 years ago
Close popover
Jeff Houle (HOULJ)
PEGA
Senior Software Engineer
Pegasystems Inc.
US
View Profile

Hi Gordian,

Pega is designed to use the Application Server-level trust store by default. The trust store in the WS Security Profile is an option for those who cannot install the CA certificates at the application server or do not wish to do so (or when needed for actual WS Security purposes rather than just SSL).

I encourage you to install the CA certificates in the Application Server's trust store and attempt use of your SOAP Connector.

To help us further understand your situation, please provide these details:

  1. Pega Version
  2. WebSphere Version
  3. Java version

thanks,

- Jeff

Posted: 4 years ago
Updated: 4 years ago
Close popover
Gordian Bartel (GordianB)
Infosys Limited

Infosys Limited
DE
View Profile

Hi Jeff,

thanks for your answer - our setup is:

  1. Pega 7.1.8
  2. IBM WebSphere Application Server/8.5 (WAS 8.5.5.4)
  3. Java VM vendor / version: IBM Corporation / 2.7

The certificates were deployed in the application server's trust store on JVM level. Apparently this should work, but how do I configure the connector?

Connect SOAP Advanced.PNG

How do I point a WS security profile to the application server's trust store?

Thanks,

Gordian

Posted: 4 years ago
Close popover
Jeff Houle (HOULJ)
PEGA
Senior Software Engineer
Pegasystems Inc.
US
View Profile

If your trust store is configured at the application server level, Pega should be able to find it without any intervention on your part, as it will ask the JRE for the available truststores.


How was this trust store set up for your WAS installation?

Posted: 4 years ago
Close popover
Kevin Zheng (KevinZheng_GCS)
PEGA
Director, Software Solutions Engineering
Pegasystems Inc.
US
View Profile

Your security profile would have to be created, which depends on the the truststore data instance (all within the scope of pega), see this link for details: https://pdn.pega.com/sites/pdn.pega.com/files/help_v721/procomhelpmain.htm#data-/data-admin-/data-admin-security-/data-admin-security-wssecurityprofile/main.htm#kanchor3509
Share this page Share via LinkedIn Copying...
Copied!