Connection Options
CloudStreams supports the latest versions (1.1 and 1.2) of the Transport Layer Security (TLS) standard.
For increased security, SaaS providers have started using the latest TLS versions, for example, TLS Version 1.2. Some of these providers may not accept CloudStreams requests that use an older version, for example, TLS v1.0.
To use TLS Version 1.1 and 1.2 for CloudStreams connection requests, go to the Settings menu in Integration Server Administrator, click Extended, and add watt.net.ssl.client.useJSSE=true in the Extended Settings pane. It is recommended to restart the Integration Server. In most cases, only this property is required for SaaS providers like Salesforce. In some cases, where you want to force usage of any other protocol, for example, SSLv3, or a particular version of TLS, use the following properties:
watt.net.jsse.client.enabledProtocols
watt.net.ssl.client.handshake.minVersion
See the webMethods Integration Server Administrator’s Guide for desired values of these properties.
Configuring a connection trust store
For some SaaS back ends, the underlying JVM trust store may already have the required certificates, and you may not need to follow this procedure. For back ends whose certificates are not part of the JVM trust store, create and apply a new trust store in Integration Server with the certificates of the SaaS back end. This is a standard practice for setting up secure exchange of certificates. If the trust store is not present in such cases, certificate-related errors will appear.
To set up secure exchange of certificates, create a JKS trust store with the certificates of the SaaS back end. The trust store should contain all the certificates present in the certificate chain. Apply the trust store at Security > Keystore on the Integration Server Administrator screen, and use that trust store alias in your CloudStreams connection in the Trust Store field.
For more information about creating trust stores and applying them in Integration Server, see the Securing Communications with the Server section in the webMethods Integration Server Administrator’s Guide. Also see the Trust store Alias section in the relevant CloudStreams Provider document to find the connection's advanced property for applying the trust store in the connection.
Note: You can also create trust stores using publicly available tools.
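The following shell script is an added example, not part of the product documentation: it builds the JKS trust store described above with the JDK's keytool, importing each certificate of the back end's chain as its own entry, because keytool adds one trusted entry per invocation. The bundle and store file names, the alias prefix, and the TS_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: build a JKS trust store holding every certificate of a
# SaaS back end's chain. File names, alias prefix and TS_PASS are assumptions.
set -eu

# Split a PEM bundle into one file per certificate (cert-1.pem, cert-2.pem, ...)
# and print how many certificates were written.
split_pem_chain() {
    bundle=$1 outdir=$2
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# Import each split certificate as its own trustedCertEntry.
# The store password is read from the TS_PASS environment variable so it
# does not appear on the command line or in shell history.
import_chain() {
    bundle=$1 store=$2 prefix=$3
    : "${TS_PASS:?export TS_PASS with the trust store password}"
    command -v keytool >/dev/null || { echo "keytool (JDK) not found" >&2; return 1; }
    tmp=$(mktemp -d)
    count=$(split_pem_chain "$bundle" "$tmp")
    [ "$count" -gt 0 ] || { echo "no certificates in $bundle" >&2; rm -rf "$tmp"; return 1; }
    i=1
    while [ "$i" -le "$count" ]; do
        keytool -importcert -noprompt -alias "$prefix-$i" \
            -file "$tmp/cert-$i.pem" -keystore "$store" \
            -storetype JKS -storepass:env TS_PASS
        i=$((i + 1))
    done
    rm -rf "$tmp"
    # List the result so the entry count and fingerprints can be compared
    # with the chain the back end presents.
    keytool -list -keystore "$store" -storetype JKS -storepass:env TS_PASS
}

# Usage: TS_PASS=... sh make-truststore.sh chain.pem saas-truststore.jks saas
if [ "$#" -eq 3 ]; then
    import_chain "$@"
fi
```

Compare the fingerprints printed by the final listing with those published by the SaaS provider before applying the store at Security > Keystore.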
If connection enablement or service execution fails with timeout-related errors, for example, "Read Timeout" or "Timeout waiting for a connection", configure the timeout values of the CloudStreams connections. If the network is slow or the back end processing takes longer than usual, increase the Connection Timeout and the Socket Read Timeout values to three or four minutes. Based on the server responsiveness and network conditions, you may have to further increase or decrease this value. If you specify 0, the connection waits indefinitely. Use a value of 0 only for debugging purposes and not in production environments, because it can block a connection indefinitely. The correct timeout values are not fixed and may vary based on the SaaS provider, load, network responsiveness, latency, and various other factors. See the webMethods CloudStreams FAQ and Troubleshooting Guide for information on the errors.