Configuring a web browser-based JavaScript application to access an integration service by using SSL

If you are using the JavaScript client API with a web browser-based JavaScript application, then you can secure the data that is sent between an integration service and the web browser-based JavaScript application.

Before you begin

Complete the following steps:
  1. Define your public key infrastructure (PKI) at the integration node level, or the integration node listener level.
  2. Configure the integration service to use SSL.
See Securing an integration service that uses a JavaScript client API.

About this task

Complete the following steps to secure the data that is sent between an integration service and the browser-based JavaScript application:
Note: The steps assume that you are using the Google Chrome web browser and that the HTTP proxy servlet is deployed in an Apache Tomcat servlet container. However, the steps are similar for other web browsers and servlet containers. If you are running your servlet container behind a web server such as Apache HTTP Server, then, typically, you configure the web server to handle the SSL connections instead of configuring Apache Tomcat; see your web server documentation for information on how to configure SSL.

Procedure

  1. Create a keystore for your servlet container.
    If your servlet container is on the same machine as IBM App Connect Enterprise and your servlet container uses the same certificate format, you can use the same keystore that you created for IBM App Connect Enterprise.
  2. Configure the servlet container to use the keystore.
    For Apache Tomcat, complete the following steps:
    1. Edit the server.xml file.
      The file is found in:

      Tomcat_installation\conf\server.xml

      where Tomcat_installation is your Apache Tomcat installation directory.
    2. Uncomment the section titled Define a SSL HTTP/1.1 Connector and add the following lines to define the keystore and keystore password:
      keystoreFile="keystore"
      keystorePass="keystore_password"
      where:
      keystore
        Specifies the path to the keystore.
      keystore_password
        Specifies the password of the keystore.
    For example:
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
    This connector uses the JSSE configuration, when using
    APR, the connector should be using the OpenSSL style
    configuration described in the APR documentation -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="c:\certs\keys.jks"
               keystorePass="secret"
               clientAuth="false" sslProtocol="TLS" />
  3. Save and close the server.xml file and restart Apache Tomcat.
  4. Start the Google Chrome web browser and enter the URL for your integration service.
    Unless your keystore contains a CA certificate that the web browser can use to validate the client certificate, you get a warning message that the client certificate is untrusted.
  5. To add the CA certificate, complete the following steps:
    1. Click Settings > Show advanced settings and click Manage Certificates in the HTTPS/SSL section.
    2. Select Import and use the wizard to add the PEM format of the CA certificate into the Trusted Root CA store.
    Note: If you configured your integration node to support client authentication, you must also use the wizard to add the PFX format of your client certificate into the Personal store.
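
The following check is an added example, not part of the original procedure or of any IBM or Apache code: it parses a server.xml file and reports HTTPS connectors whose keystore settings need attention before Apache Tomcat is restarted in step 3. The function name, the sample file content, and the list of weak passwords are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a connector in the style of the example above, with a
# placeholder keystore path and password.
SAMPLE_SERVER_XML = r"""
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="c:\certs\keys.jks" keystorePass="secret"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>
"""

# Assumed deny-list: documentation sample values and the well-known Java
# keystore default ("changeit"); extend it for your environment.
WEAK_PASSWORDS = {"", "secret", "changeit", "password"}


def audit_connectors(server_xml):
    """Return (port, finding) tuples for connectors that have SSLEnabled="true"."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not an SSL connector; out of scope for this check
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure not set to https/true"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile not set"))
        # A missing keystorePass is treated like an empty one.
        if conn.get("keystorePass", "") in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is empty or a known sample value"))
        if conn.get("clientAuth") is None:
            findings.append((port, "clientAuth not stated explicitly"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```

Because keystorePass is stored in clear text, also restrict read access to server.xml and the keystore file to the account that runs the servlet container.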

Results

You have configured the web browser-based JavaScript application to access the integration service by using SSL.