Test that X.509 works with Web Services

Before you begin

You will need to complete the following steps before you can test X.509 with Web Services.

You need user certificates and keys for this configuration.
- If you are using non self-signed certificates, refer to Step 1: Prepare server and user certificates and keys for more details.
- If you are using self-signed certificates, refer to Step 1: Prepare user certificates and keys for more details.
Convert your key and certificate files to PEM format. Python supports certificates and keys only in PEM format. For more information, refer to Convert user keys and certificates to PEM format for Python clients.
Configure your server and import client certificates into Platform Application Center's truststore.
- If you are using non self-signed certificates, refer to Step 2: Configure the web server for X.509 and Step 3: Import certificates into IBM Spectrum LSF Application Center's trust storefor more details.
- If you are using self-signed certificates, refer to Step 2: Configure the web server for X.509 and Step 3: Import user certificates into IBM Spectrum LSF Application Center's truststorefor more details.

About this task

You can use the example Python pacclient.py and pac_api.py to test X.509 connection to IBM Spectrum LSF Application Center with Web Services.

Procedure

Copy files from the IBM Spectrum LSF Application Center web server host to your client host, replacing /opt/pac with the directory in which you installed IBM Spectrum LSF Application Center.
From /opt/pac/gui/3.0/bin, copy the following to your client host:
- pacclient.py
- pac_api.py
Copy the user's .key.pem and .cert.pem to the same directory as pacclient.py and pac_api.py.

On your client host, modify pac_api.py to avoid logon by adding the http.add_certificate line.

For example:

def getJobListInfo(parameter):
        #url, token = getToken()
        url = 'https://pachost:8080/platform'
        token = ''

        x509Flag, keypemfile, certpemfile = checkX509PEMCert(url)

        if ( (x509Flag == False) & (len(token) <= 0) ):
                print "You must log on to PAC. To log on, run pacclient logon."
                return

        http = httplib2.Http()
        #if ( (x509Flag == True) & (len(token) <= 0) ):
                # X509Flag is True and token is empty, then add the key/cert files into http request.
        #       http.add_certificate(keypemfile, certpemfile, '')


        http.add_certificate('.key.pem', '.cert.pem', '')

Go to the directory in which pacclient.py is located and test the Python client by running pacclient.py job.
There should not be any prompt to log on.

For example:
```
./pacclient.py job
JOBID   STATUS   EXTERNAL_STATUS   JOB_NAME   COMMAND
       12183   Running       -            *037934810  sleep 1234444
```