Configuring a Node.js application to access an integration service by using SSL

If you are using the JavaScript client API with a Node.js application, then you can secure the data that is sent between an integration service and the JavaScript application.

Before you begin

Complete the following steps:
  1. Define your public key infrastructure (PKI).
  2. Configure the integration service to use SSL.
See Securing an integration service that uses a JavaScript client API.

About this task

Complete the following steps to secure the data that is sent between an integration service and a Node.js application:

Procedure

  1. Depending on your configuration requirements, add the following lines of code to your JavaScript application, where:
    service_name
    Specifies the name of your integration service.
    ca_cert
    Specifies the path to the CA certificate.
    client_key
    Specifies the path to the client key (the private key for your Node.js client).
    client_cert
    Specifies the path to the client certificate (the public key certificate for your Node.js client).
    client_cert_password
    Specifies the password for the client certificate.
    Condition Add the following lines of code before you call the integration service Comments
    All HTTPS configurations. IBMIntegration.service_name.IBMContext.protocol = "https";  
    The Node.js client must not check the credentials that are sent by the server. IBMIntegration.service_name.IBMContext.rejectUnauthorized = false; This line is also needed if a server provides a self-signed certificate or a CA-signed server certificate where the common name of the certificate does not match the domain name or host name of the server.
    The Node.js client must validate the CA-signed certificate that is sent by the server. IBMIntegration.service_name.IBMContext.rejectUnauthorized = true;

    IBMIntegration.service_name.IBMContext.cacert = "ca_cert";

    		 The Node.js client validates the CA-signed certificate by checking the CA-signed certificate against the public certificate of the CA.
    The server is configured to require client authentication. IBMIntegration.service_name.IBMContext.key = "client_key";

    IBMIntegration.service_name.IBMContext.cert = "client_cert";

    		  
    The client certificate uses a password. IBMIntegration.service_name.IBMContext.certpass = "client_cert_password";  
    For example, you might set the following properties in a Node.js client application that is using a CA-signed server certificate and a CA-signed client certificate with a password, to call an integration service named TestService1, where the certificates and key are stored in the Windows folder C:\certs.
      IBMIntegration.TestService1.IBMContext.protocol = "https";
  IBMIntegration.TestService1.IBMContext.rejectUnauthorized = true;  
  IBMIntegration.TestService1.IBMContext.cacert   = "C:\\certs\\ca.crt";
  IBMIntegration.TestService1.IBMContext.key      = "C:\\certs\\client.key";
  IBMIntegration.TestService1.IBMContext.cert     = "C:\\certs\\client.crt";
  IBMIntegration.TestService1.IBMContext.certpass = "secret";
  2. Change the port number that is associated with your integration service to the HTTPS port.
    The default HTTPS port is 7083 for the integration node listener and 7843 for the embedded listener.
    For example:
    IBMIntegration.TestService1.IBMContext.hostname = "localhost";
IBMIntegration.TestService1.IBMContext.port = 7843;

Results

You have configured the Node.js client application to access the integration service by using SSL.