Configuring Integration Server as an SSL Client
In addition to the general SSL configuration tasks identified in Preparing to Configure SSL in Integration Server, to configure Integration Server as an SSL client you must also create ports, specify allowed SSL/TLS protocols, and set the allowed cipher suites.
To configure Integration Server as an SSL client, complete the following SSL-client specific tasks:
1. Specify SSL/TLS protocols for outbound communication. To specify the allowed SSL/TLS protocols for communication when Integration Server acts as an SSL client, you identify which SSL/TLS protocols are explicitly disabled in the watt.net.jsse.client.disabledProtocols server configuration parameter.
For more information regarding how Integration Server uses the disabled list of SSL/TLS protocols to determine which SSL/TLS protocols are allowed, see Supported SSL/TLS Protocols.
Note:
If Integration Server is not using JSSE to secure outbound communications and is instead using TLSv1.0 or earlier, less secure versions of SSL/TLS, the values of the watt.net.ssl.server.handshake.minVersion and watt.net.ssl.server.handshake.maxVersion server configuration parameters determine the enabled protocols. TLSv1.0 is not secure.
2. Specify allowed cipher suites for outbound communication.
The watt.net.jsse.client.enabledCipherSuiteList server configuration parameter specifies the cipher suites for outbound SSL connections when using JSSE to secure connections. For more information about identifying enabled cipher suites, see Specifying Cipher Suites for Use with SSL.
Note:
If Integration Server is not using JSSE to secure outbound communications and is instead using TLSv1.0, the watt.net.ssl.client.cipherSuiteList and watt.net.ssl.client.strongcipheronly parameters determine the allowed cipher suites.
3. Ensure that outbound connections use JSSE. If you are using JSSE for outbound communication, which is strongly recommended, make sure that the following server configuration parameters are set to true so that outbound connections initiated through Integration Server APIs use JSSE.
watt.net.ssl.client.useJSSE controls the use of JSSE for all outbound HTTPS connections.
watt.net.ssl.client.ftps.useJSSE controls the use of JSSE for outbound FTPS traffic.
watt.net.ssl.email.client.useJSSE controls the use of JSSE for outbound SMTP connections.
Note:
Settings on individual service invocations can override the global settings controlled by the above server configuration parameters. For example, the useJSSE input parameter for the pub.client:http service overrides the value of watt.net.ssl.client.useJSSE for that particular service invocation. For more information about using JSSE with the pub.client:http, pub.client:ftp, and other services, see webMethods Integration Server Built-In Services Reference.
Note:
Integration Server can present a single client certificate to all SSL servers or it can present different client certificates to different SSL servers. For information about using multiple client certificates with SSL servers, see Using Multiple Client Certificates with SSL Servers.
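The following audit script is an added example, not part of the product documentation. It checks exported settings against steps 1 and 3 above. It assumes the settings are available as key=value text and that watt.net.jsse.client.disabledProtocols takes a comma-separated list of JSSE protocol names such as SSLv3 and TLSv1. The function names and sample input are constructed for illustration.

```python
# Added example: audit the outbound (SSL client) settings described on this page.
# Assumptions: key=value text; disabledProtocols is a comma-separated list of
# JSSE protocol names.

USE_JSSE_PARAMS = (
    "watt.net.ssl.client.useJSSE",        # outbound HTTPS
    "watt.net.ssl.client.ftps.useJSSE",   # outbound FTPS
    "watt.net.ssl.email.client.useJSSE",  # outbound SMTP
)
DISABLED_PARAM = "watt.net.jsse.client.disabledProtocols"
# TLSv1.0 and earlier, which the page describes as not secure (JSSE names).
MUST_DISABLE = ("SSLv3", "TLSv1")


def parse_settings(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit_client_tls(text):
    """Return a list of findings; an empty list means both checks passed."""
    cfg = parse_settings(text)
    findings = []
    # Step 3: each useJSSE parameter must be explicitly true.
    for name in USE_JSSE_PARAMS:
        if cfg.get(name, "").lower() != "true":
            findings.append(f"{name} is not set to true")
    # Step 1: old protocols must appear in the disabled list (exact names).
    raw = cfg.get(DISABLED_PARAM, "")
    disabled = {p.strip().lower() for p in raw.split(",") if p.strip()}
    for proto in MUST_DISABLE:
        if proto.lower() not in disabled:
            findings.append(f"{DISABLED_PARAM} does not disable {proto}")
    return findings


# Constructed sample input, not taken from a real server.
SAMPLE = """\
watt.net.ssl.client.useJSSE=true
watt.net.ssl.client.ftps.useJSSE=false
watt.net.jsse.client.disabledProtocols=SSLv3
"""

if __name__ == "__main__":
    for finding in audit_client_tls(SAMPLE):
        print(finding)
```

The script sees only the global parameters. A useJSSE input on an individual service invocation can still override them, so review those service calls separately.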