Securing outbound communications between Process Federation Server and federated systems
Process Federation Server communicates with
each federated system by using REST services. Configure the Process Federation Server for secure
communications between Process Federation Server and
each of the federated REST endpoints.
Before you begin
In a development or test environment, you might decide not to secure outbound
communications because the REST endpoints allow HTTP communication. However, if you want to secure
outbound communications, and are not using CA-signed certificates, you must obtain the signer
certificate from one of the following locations:
- If your development or test environment communicates directly with a federated system, you can
get the system signer certificate in one of the following ways:
- Use the administrative console to extract the signer certificate. See Personal certificates collection
. - Use the PFSSecurityUtility.py script to create a keystore and truststore that are based on the signer certificate.
- Use the administrative console to extract the signer certificate. See Personal certificates collection
- If your development or test environment communicates with the federated system through an IBM® HTTP Server, get the signer certificate from the IBM HTTP Server by using the IKEYMAN utility. See Securing with SSL communications
.
About this task
The Liberty server.xml file contains the SSL configuration settings for Process Federation Server. The server.xml that is provided as a template includes a default SSL configuration, and a default keystore. You can configure a truststore for the signer certificates, so that communication can be secured with the REST endpoints.
To manage the Process Federation Server truststore, use your JVM’s keytool utility, or the IBM HTTP Server IKEYMAN utility.
This topic only applies to BAW, and is located in the BAW repository. Last updated on 2025-03-13 12:15