Software AG Products 10.7 | Configuring API Gateway | API Gateway Architecture | Reverse Invoke Configuration in API Gateway | Connecting Integration Server in Green Zone to API Gateway in DMZ | Importing a Certificate and Mapping to User
 
Importing a Certificate and Mapping to User
You can import client certificates and CA signing certificates through Integration Server Administrator to keep them on file, map them to particular user accounts, and specify how they are to be used. The user mapping to the certificate must be performed on the external server.
Keep the following points in mind before importing and mapping certificates:
*To create an SSL connection between Integration Server and an Internet resource that will serve as a client, you also need to import a copy of the client's SSL signing certificate (CA certificate).
*Although Integration Server supports loading certificates for LDAP users, Software AG recommends using central user management and then configuring LDAP and certificates in My webMethods Server.
*To import a client certificate and map it to a user
1. Open the Integration Server Administrator.
2. Navigate to Security > Certificates.
3. Click Configure Client Certificates.
The Configure Client Certificates window is displayed.
4. Enter the path of the certificate that you wish to import, in the Certificate Path field.
Note:
The certificate must be on the same machine on which the Integration Server is running.
5. Type a user name or click search icon to search for and select a user.
To search a user, perform one of the following tasks, once you click the search icon:
*To select a local user, select Local in the Provider list. Select the local user to which you want to map the certificate. If you have not configured an external user directory, you cannot view the Provider list.
*To select a user from an external directory (LDAP or a central user directory), select the user directory that you want to search, in the Provider list. In the Search field, enter the criteria that you want to user to find a user and click Go. Select the user to which you want to map the certificate.
6. Select one of the following options from the Usage field.
*SSL Authentication. Use the certificate to represent the client's authentication credentials when making an SSL connection with Integration Server.
*Verify. Use the certificate's public key to verify the authenticity of documents, messages, or streams originating from the client and containing a digital signature.
*Encrypt. Use the certificate's public key to encrypt outgoing documents, messages, or streams from Integration Server to the client.
*Verify and Encrypt. Use the same certificate both to verify the authenticity of documents, messages, or streams originating from the client and containing a digital signature, and to encrypt outgoing documents, messages, or streams from Integration Server to the client.
*Message Authentication. Use the certificate to represent the client's authentication credentials when making an SSL connection with Integration Server, when using message-level rather than transport-level authentication (for example, with web service messages whose SOAP message headers contain SSL certificate information).
7. Click Import Certificate.