X.509 certificate token capabilities for decryption
For web services, you can complete decryption by using an X.509 certificate token.
X.509 certificate token decryption for incoming SOAP message Confidentiality is supported in the following configurations:
- Decrypt (by using an integration node private key)
Policy Enforcement Point (PEP) and direction.
- In (provider)
- In (consumer)
Configured with a policy set and binding defining the message Confidentiality.
Trust Store or Policy Decision Point (PDP).
- Integration node Truststore; for details, see Viewing and setting keystore and truststore runtime properties at integration node level.
Decryption is not supported with external PDPs such as TFIM or LDAP.