Integration Server 10.15 | Web Services Developer’s Guide | WS-Security Certificate and Key Requirements | Certificate and Key Requirements for WS-Security | Requirements When Using Asymmetric Binding
 
Requirements When Using Asymmetric Binding
The following table describes the certificates and keys to which Integration Server requires access when using asymmetric bindings.
To use asymmetric binding to...
Certificates and Keys Required
Sign outbound messages
The sender of the outbound message requires a private key, which it uses to sign the message. The private key must correspond to the public key that the partner will use to verify the signature.
Verify signed inbound messages
The receiver of the inbound message requires a public key to verify the signature. The public key must correspond to the private key that the partner used to sign outbound messages.
Additionally, if the signing certificate will be validated to ensure that it is signed by a truststore, a web service needs access to the certificate file containing the trusted root of the signing CA (truststore).
Encrypt outbound messages
The sender of the outbound message requires the partner’s certificate with the public key, which it uses to encrypt the message.
Decrypt inbound messages
The receiver of the inbound message requires a private key to decrypt the message. The private key must correspond to the public key that the partner used to encrypt the outbound message.