|» Log In » Register » Suggest » Feeds » News » Podcasts » Tags » Pings » Documents » XML » Web Services » Categories » Statistics » Help » Site Map » About|
Previous Syndicated Feed
||Random Syndicated Feed
Next Syndicated Feed
|Headlines||Poll Results||Statistics||XML||Action Log(1)||Notes(0)||Categories||Contacts||Locations||Subscribers||Changes|
|Web Services and EJB support in WAS8 Liberty Profile||You can try out JAX-WS and EJB support now in WAS 8.5 Liberty Profile (in Alpha) now on wasdev. WAS 8.5 Liberty Profile is a special lightweight version of WAS for developers. Fast cycle time and file-based config.|
|Free training on IBM Worklight - Mobile Development||Mobile foundation platform is the hotest topic around IBM. You can pick up Worklight Developer Edition for free here and follow this training to get the essential skills. It's a 2-day course that goes into a fair amount of depth (such as authentication, push notification, globalization and offline encrypted storage.) Very handy.|
|MQSeries.net is now available on Linkedin||for those of you who are on Linkedin , this may be worth a consideration to join
|New: MQ Visual Edit v1.5.5||Capitalware Inc. would like to announce the official release of MQ Visual Edit v1.5.5. This is a FREE upgrade for ALL licensed users of MQ Visual Edit.|
|Inbound and Outbound SSL communications||This article is an overview of the general concepts of inbound and outbound SSL configurations for WebSphere Application Server. It applies to the recommended approach by IBM to use IHS for inbound SSL and to configure the appropriate scopes key and trust stores.
Read it through, it reads great, but there is a more to it than meets the eye. After reading the Inbound communications and Outbound communications please read through my comments after to get an idea of the type of level my training material covers.
BEGIN: Excerpt from IBM Information Centre
Most Web applications transmit sensitive data, for example, a user name and password during login or personal data during the interaction with the application. To make this data safe during transfer, we use SSL. In the WebSphere environment, we recommend that you access application
servers through a Web server, for example, IBM HTTP Server (IHS). If client certificate authentication is not required, perform the following steps to configure SSL communication:
1. Configure the Web server for SSL
1. Create the key database file and certificates required for the Web server to participate in an SSL connection. The certificate must be signed by a well known CA.
2. Enable the directives in the Web server configuration for SSL, pointing to the new key database. This step allows SSL connections to be established between Web browsers and the Web server.
2. Configure the HTTP Plug-in for SSL
1. Add the Web server definition to WebSphere (which is usually done as a part of the HTTP plug-in configuration process).When a Web server definition is created, it is associated with a keystore that contains all of the signers for the cell and the chained certificate for the Web server node.
2. Copy the Web server keystore and stash files for the plug-in to the Web server plug-in location.
If client certificate authentication is required, configuration is more complex. In addition to the previous steps, you have to configure the Web server to require client certificates and configure mutual trust between the plug-in and the application server.
Applications might need to communicate with external services. These external services usually require encryption and often certificate authentication also. We recommend that you create separate SSL configurations for each external service to provide flexibility and isolation. Depending on your requirements, the number of external services, and the topology, you can select a specific SSL configuration selection method.
The following steps describe how to prepare SSL configuration for external
1. Create a keystore at the appropriate scope. Choose a scope that will allow access to the keystore for all servers that have to connect to the external service.
2. Obtain the certificate from the external service server.
3. Import the certificate into the keystore as a signer certificate.
4. If client certificate authentication is required:
1. If the service provider provides you with a client certificate, import it as a personal certificate into the keystore.
1. Generate a new self-signed personal certificate or chained certificate.
2. Extract the public part of the certificate or root signer certificate.
3. Send the extracted certificate to the service provider where it must be
added as a trusted certificate to allow a connection to be established.
1. Create a new SSL configuration at the same scope. Select the new keystore as both the keystore and the truststore.
2. Ensure that the SSL configuration will be used.
END: Excerpt from IBM Information Centre
How to implement the above.
Nice description above, but how do we do all this?
· What about the scenario when you do not want IBM HTTP Server for inbound SSL and you want to access WAS directly via SSL?
· Maybe you want WAS to communicate to a service hosted in another technology and you need WAS to be the client?
· Maybe you do not want WAS to present the default self –signed certificate in this type of conversation. Instead present singed certs from one of your companies root certificates?
IHS (IBM HTTP Server) SSL configuration is covered in my SSL module part 1.
You can purchase this module from www.themiddlewareshop.com
My SSL module Part2 discusses the correct configuration to allow a client service to connect to WebSphere Application Server directly using SSL and vice versa.
You can purchase this module from www.themiddlewareshop.com
|IBM WebSphere Application Server V8.5 Beta (including the Liberty profile)||https://www14.software.ibm.com/iwm/web/cc/earlyprograms/websphere/wasv8na/|
|WebSphere / DataPower SSL interoperability||
Use case: DataPower XI52 Web Services Proxy acting as web services provider endpoint (https)
web services client was running on WebSphere AppServer 7.0
We kept getting javax.net.ssl.SSLKeyException after we switched to use SSL on DataPower. It turns out that the IBM JDK does not like SSL that uses large key size 4096-bits on the DataPower side. See this link for some more details.
The solution is to use the unrestricted JCE policy files (downloaded from here.) Or go back to 1024-bits.
This one took me a couple of days to figure out. So, I figured you may find it useful too.
|Tracking CPU consumption programmatically in zWAS||This API is very handy if you need to figure out which part of your code is consuming MIPS on zWAS. WebSphere on zOS has special API [pdf] to retrieve that information.|
|WebSphere Insights digital magazine||A new digital magazine known as WebSphere Insights is now available (free).|
|IMPACT highlights||Just returned from IMPACT this year. About 9000 people attended this year. A ton of new announcements around the WebSphere platform; especially capabilities to support mobile. A couple of highlights for you:
My own session ("Top 10 SOA Best Practices to support innovations in mobile and analytics") went well. You can download my slides here too.
More on WAS 8.5 a little later.