SSL authentication using the SDK
SSL Authentication
The SSL and TLS protocols used with HTTP make authentication possible between the SDK client application and the WebSphere Application Server. For such HTTPS connections, the SDK does not perform SSL authentication by default.
SSL authentication lets the client authenticate the server, and it also lets the server authenticate the client.
If you want the SDK client application to authenticate the server, you have to establish a trust store in which the server certificate is loaded and establish a trust manager that uses this trust store to authenticate the server. The trust manager can be established with one of the following methods:
- Invoke HttpUtil.setTrustManager(null); in the client application program using the SDK. This results in using a TrustManager identified by Java. The certificate of the WebSphere Application Server must be stored in this trust store. The trust store and trust store password can be provided by Java system properties as follows:
  -Djavax.net.ssl.trustStore=myTruststore.jks -Djavax.net.ssl.trustStorePassword=mytspw
- Introduce a TrustManager according to the application needs in the client application using the SDK and provide it to the SDK using the HttpUtil.setTrustManager(TrustManager[] trustManager) method.
If the WebSphere Application Server is configured to authenticate the client application, you have to establish a key store in which the private key of the client is loaded and establish a key manager that uses this key store to authenticate the client. The certificate containing the public key of the client must be extracted and stored in the trust store of the WebSphere Application Server. The key manager can be established with one of the following methods:
- By default, a KeyManager identified by Java is used. The key store and key store password can be provided by Java system properties as follows:
  -Djavax.net.ssl.keyStore=myKeystore.jks -Djavax.net.ssl.keyStorePassword=mykspw
- Introduce a KeyManager according to the application needs in the application using the SDK and provide it to the SDK using the HttpUtil.setKeyManager(KeyManager[] keyManager) method.
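
The following added example (not code from the SDK or its documentation) shows one way to build the TrustManager[] and KeyManager[] arrays for the second method in each list, using only standard JSSE classes. The class name SdkTlsSetup is hypothetical, the key password is assumed to equal the key store password, and the HttpUtil calls are left as comments because the SDK's package name is not given on this page.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class SdkTlsSetup {
    // Load a JKS store from disk; the password also verifies the store's integrity.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Trust managers that accept only certificates anchored in the given trust store.
    static TrustManager[] trustManagers(KeyStore trustStore) throws Exception {
        if (trustStore.size() == 0) {
            // With no entries every handshake would fail later; report it now instead.
            throw new IllegalStateException("trust store contains no certificates");
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    // Key managers that present the client's private key and certificate chain.
    static KeyManager[] keyManagers(KeyStore keyStore, char[] keyPassword) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        return kmf.getKeyManagers();
    }

    public static void main(String[] args) throws Exception {
        // Same sample file names and passwords as the system properties on this page.
        TrustManager[] tms = trustManagers(load("myTruststore.jks", "mytspw".toCharArray()));
        char[] ksPw = "mykspw".toCharArray(); // assumption: key password == store password
        KeyManager[] kms = keyManagers(load("myKeystore.jks", ksPw), ksPw);
        System.out.println(tms.length + " trust manager(s), " + kms.length + " key manager(s)");
        // Pass the arrays to the SDK before opening any HTTPS connection:
        // HttpUtil.setTrustManager(tms);
        // HttpUtil.setKeyManager(kms);
    }
}
```

In a deployed client, read the store passwords from protected configuration rather than compiling them into the class.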