Configuring the Secure Sockets Layer

The Secure Sockets Layer (SSL) is required by inbound services of HCL Commerce to use SOAP/HTTPS.

Procedure

  1. Inspect and obtain the server certificate:
    1. Use Internet Explorer on any Windows machine to go to the endpoint URL /wsdl. For example, https://mycompany.com:8000/webapp/wcs/services/PaymentServices/wsdl.
      Note: If you get a security alert with a warning such as " The name on the security certificate is invalid or does not match the name of the site", follow step 2 to generate a new server certificate because the issuer of the certificate does not match the name of the site (for example, mycompany.com). You can use the View Certificate option to view the issuer of the certificate. By default, the HCL Commerce installation process should configure the Web server to use a self-signed certificate from "Dummy Certificate".
  2. Generate a new server certificate if you get a warning that the name on the security certificate is invalid or does not match the name of the site:
    1. By default, the HCL Commerce installation process should configure the Web server to use the following key database file: /httpconf/trust/keyfile.kdb
    2. Use any key management utility that supports CMS to open the file.
      Note: The key database type should be "CMS". The password should be ibmkey.
    3. You should see "Dummy Certificate" on the list of Personal Certificates. Click New Self-Signed to create a new self-signed certificate. The common name must be the hostname of the site (for example, company.com).
    4. Delete the dummy certificate and close the key management utility.
    5. Close the key management utility to save the changes.
    6. Repeat step 1. You should get a security alert without the warning.
  3. Extract the self-signed certificate and add it to a new key database file:
    1. Using the key management utility, open keyfile.kdb, select the self-signed certificate, and click Extract Certificate to extract the certificate to a file
    2. Using the key management utility, select Key Database File > New to create a new key database file.
      Note: The key database type should be "JKS". Type the name and password for the database file which will be used in step 4 to configure the Web services client.
    3. Select Signer Certificates, and click Add to add the self-signed certificate to the key/trust store file. Type the certificate label.
    4. Close the key management utility to save the changes.
  4. Configure the Web services client to reference the key database file:
    1. Add the following lines to the Web services client code:
      
      System.setProperty("javax.net.ssl.trustStore","
      filename");
      System.setProperty("javax.net.ssl.trustStorePassword","
      password");
      System.setProperty("javax.net.ssl.keyStore","
      filename");
      System.setProperty("javax.net.ssl.keyStorePassword","
      password");
      
      Where:
      filename
      Is the filename of key database file created in step 3, for example, C:/key.jks.
      password
      Is the password of the key database file.
      Alternatively, you can add those properties as command line arguments, for example, -Djavax.net.ssl.trustStore= filename.