Software AG Infrastructure 10.7 | Working with Web Services | Configuring Web Service Security | Setting Up Transport-Level Security | Configuring Software AG Runtime to Use SSL at the Server Side
Configuring Software AG Runtime to Use SSL at the Server Side
You set up Software AG Runtime to use the HTTPS transport for web service communication by configuring an SSL connector.
Important:
Normally, when you use Axis2 in a web container, you must define the connector both in the container and in the axis2.xml file. Software AG Runtime automatically registers the transport listener for you based on the HTTPS connector. If you define the use of the HTTPS transport in the services.xml file, do not define a transport listener in the axis2.xml file.
Go to the Software AG_directory/profiles/CTP/configuration/com.softwareag.platform.config.propsloader directory and open the com.softwareag.catalina.connector.https.pid-port.properties file. Then set the properties described in the following table.
clientAuth
    Whether to require a certificate from the client. Valid values are:
    * true - require a valid certificate chain from the client before accepting a connection.
    * want - request a client certificate chain, but do not fail if one is not presented.
    * false (default) - do not require a certificate chain.

sslProtocol
    Version of SSL to use. The default is TLS.

SSLEnabled
    Whether to enable the Secure Sockets Layer (SSL) protocol on this connector. Valid values are true or false (default).

sslEnabledProtocols
    A list of the protocols supported when communicating with clients. The list can contain any of the following:
    * SSLv3
    * TLSv1
    * TLSv1.1
    * TLSv1.2
    * TLSv1.3
    You can prefix each protocol with a plus sign ("+") or a minus sign ("-"). A plus sign adds the protocol to the current list and a minus sign removes it from the current list.
    If you do not specify a value for the sslEnabledProtocols property, any protocol can be used.
    Note that TLSv1.3 is only supported for JSSE when using a JVM that implements TLSv1.3. Check the Java update fixes readme files to verify whether your installation supports TLSv1.3.
    Note that SSLv3 and previous SSL versions are inherently unsafe.
    Default: +TLSv1,+TLSv1.1,+TLSv1.2

keystoreFile
    Path to the keystore file that contains the server certificate and its key pair, used to decrypt requests and encrypt responses.

keystorePass
    Password that provides access to the server certificate. If you want to secure the password, replace keystorePass with @secure.keystorePass.

keystoreType
    Type of keystore file to use for the server certificate. The default is JKS.

keyAlias
    Alias that identifies the key pair in the keystore. If not specified, the first key found in the keystore is used.

algorithm
    Certificate encoding algorithm to use.

port
    TCP port number on which this connector creates a server socket and waits for incoming connections. If not specified, the value is 10011. If you install another Software AG Runtime, the installer calculates a new port for that installation that is not already in use.

scheme
    Scheme configured for the SSL communication. Set the value to https.

enableLookups
    Whether Tomcat performs a reverse DNS lookup on the IP address of a connecting client, for example before writing it to the logs. For IP 127.0.0.1, the reverse lookup yields localhost, and localhost is displayed in the logs. Valid values are true or false (default).

secure
    Set this property to true.

minSpareThreads
    Number of request processing threads to create when this connector is first started. The default is 10.

maxSpareThreads
    Maximum number of request processing threads to create. The default is 75.

maxThreads
    Maximum number of request processing threads to create. The default is 200.

acceptCount
    Maximum queue length for incoming connection requests when all possible request processing threads are in use. The default is 100.

maxHttpHeaderSize
    Maximum size of the request and response HTTP header, in bytes. If not specified, this value is 4096 (4 KB).

disableUploadTimeout
    Allows the use of a different, longer connection timeout, set in connectionUploadTimeout. If not specified, this value is true.

connectionUploadTimeout
    Connection timeout, in milliseconds. The default is 300000 milliseconds (5 minutes).
Below is an example of an SSL connector configuration.
clientAuth=false
sslProtocol=TLS
SSLEnabled=true
keystoreFile=c:\my_store.jks
@secure.keystorePass=password
keystoreType=JKS
keyAlias=encryption_key_alias
algorithm=SunX509
scheme=https
enableLookups=false
secure=true
minSpareThreads=25
maxSpareThreads=75
maxThreads=150
acceptCount=100
maxHttpHeaderSize=8192
disableUploadTimeout=true
enabled=true
port=10011
alias=defaultHttps
server=SoftwareAG Runtime
description=Default HTTPS Connector
Note:
The default value of the connector port is 10011. If you install another Software AG Runtime, the installer calculates a new port for that installation that is not already in use.
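As an added example (not part of the Software AG documentation), the following Python script reads a connector properties file of the kind described above and checks the security-relevant settings: SSLEnabled, scheme and secure, a clear-text keystorePass versus @secure.keystorePass, and the protocol list that results from the +/- semantics of sslEnabledProtocols applied to the documented default. The handling of a list without +/- prefixes, the minimal .properties parser and the sample file are assumptions of this example, not behaviour the page documents.

```python
# Page default for sslEnabledProtocols: +TLSv1,+TLSv1.1,+TLSv1.2
DEFAULT_PROTOCOLS = ["TLSv1", "TLSv1.1", "TLSv1.2"]
# SSLv3 and earlier are unsafe (see the table); TLSv1/TLSv1.1 are deprecated by RFC 8996.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_properties(text):
    """Minimal .properties reader: key=value lines; '#'/'!' comments and blanks skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def effective_protocols(value):
    """Resolve the +/- list against the default; None means unset (any protocol allowed).
    Assumption: a list with no +/- prefixes replaces the default list outright."""
    if value is None:
        return None
    tokens = [t.strip() for t in value.split(",") if t.strip()]
    if not any(t[0] in "+-" for t in tokens):
        return tokens
    protocols = list(DEFAULT_PROTOCOLS)
    for token in tokens:
        name = token.lstrip("+-")
        if token.startswith("-"):
            protocols = [p for p in protocols if p != name]
        elif name not in protocols:
            protocols.append(name)
    return protocols

def audit_connector(props):
    """Return findings for the hardening points the property table describes."""
    findings = []
    if props.get("SSLEnabled", "false").lower() != "true":
        findings.append("SSLEnabled is not true: the connector will not use TLS")
    if props.get("scheme") != "https" or props.get("secure") != "true":
        findings.append("scheme must be https and secure must be true")
    if "keystorePass" in props:
        findings.append("keystorePass is stored in clear text; use @secure.keystorePass")
    protocols = effective_protocols(props.get("sslEnabledProtocols"))
    if protocols is None:
        findings.append("sslEnabledProtocols is unset: any protocol, SSLv3 included, is allowed")
    else:
        findings += [f"weak protocol enabled: {p}" for p in protocols if p in WEAK_PROTOCOLS]
    return findings
# Constructed sample (not from a real installation): clear-text password and a +/- list.
SAMPLE = "SSLEnabled=true\nscheme=https\nsecure=true\nkeystorePass=changeit\nsslEnabledProtocols=+TLSv1.3,-TLSv1\nport=10011\n"
```

Running audit_connector(parse_properties(SAMPLE)) reports the clear-text password and that TLSv1.1 is still enabled, because "-TLSv1" removes only TLSv1 from the default list.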