Question

4
Replies
812
Views
 Gordian Bartel (GordianB)
Infosys Limited

Infosys Limited
DE
GordianB Member since 2014 2 posts
Infosys Limited
Posted: July 1, 2016
Last activity: July 14, 2016
Posted: 1 Jul 2016 7:45 EDT
Last activity: 14 Jul 2016 18:09 EDT
Closed

Use Websphere truststore for Connect-SOAP

Hi all,

the regular approach for using an SSL secured connection for a Connect-SOAP call would be adding the CA certificate as a truststore instanz, referencing this truststore in a WS-Security profile and using this WS-Security profile in the Connect-SOAP rule.

The current business requirement is to not put the truststore inside PRPC again, but to use the ones installed on the WebSphere Application Server. Do you know if and how it is possible to configure the connector rule resp. the WS-Security profile to point to certificates installed outside PRPC?

Thanks and best regards,

Gordian

Data Integration Security
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 5 years ago
Posted: 1 Jul 2016 9:45 EDT
Jeff Houle (HOULJ)
PEGA
Senior Software Engineer
Pegasystems Inc.
US

Hi Gordian,

Pega is designed to use the Application Server-level trust store by default. The trust store in the WS Security Profile is an option for those who cannot install the CA certificates at the application server or do not wish to do so (or when needed for actual WS Security purposes rather than just SSL).

I encourage you to install the CA certificates in the Application Server's trust store and attempt use of your SOAP Connector.

To help us further understand your situation, please provide these details:

  1. Pega Version
  2. WebSphere Version
  3. Java version

thanks,

- Jeff
Posted: 5 years ago
Updated: 5 years ago
Posted: 5 Jul 2016 2:31 EDT
Updated: 5 Jul 2016 2:46 EDT
Gordian Bartel (GordianB)
Infosys Limited

Infosys Limited
DE

Hi Jeff,

thanks for your answer - our setup is:

  1. Pega 7.1.8
  2. IBM WebSphere Application Server/8.5 (WAS 8.5.5.4)
  3. Java VM vendor / version: IBM Corporation / 2.7

The certificates were deployed in the application server's trust store on JVM level. Apparently this should work, but how do I configure the connector?

Connect SOAP Advanced.PNG

How do I point a WS security profile to the application server's trust store?

Thanks,

Gordian
Posted: 5 years ago
Posted: 14 Jul 2016 18:09 EDT
Jeff Houle (HOULJ)
PEGA
Senior Software Engineer
Pegasystems Inc.
US

If your trust store is configured at the application server level, Pega should be able to find it without any intervention on your part, as it will ask the JRE for the available truststores.


How was this trust store set up for your WAS installation?
Posted: 5 years ago
Posted: 10 Jul 2016 21:22 EDT
Kevin Zheng (KevinZheng_GCS)
PEGA
Director, Software Solutions Engineering
Pegasystems Inc.
US

Your security profile would have to be created, which depends on the the truststore data instance (all within the scope of pega), see this link for details: https://pdn.pega.com/sites/pdn.pega.com/files/help_v721/procomhelpmain.htm#data-/data-admin-/data-admin-security-/data-admin-security-wssecurityprofile/main.htm#kanchor3509