Test that X.509 works with Web Services

Before you begin

You will need to complete the following steps before you can test X.509 with Web Services.

  1. You need user certificates and keys for this configuration.
  2. Convert your key and certificate files to PEM format. Python supports certificates and keys only in PEM format. For more information, refer to Convert user keys and certificates to PEM format for Python clients.
  3. Configure your server and import client certificates into Platform Application Center's truststore.

About this task

You can use the example Python pacclient.py and pac_api.py to test X.509 connection to IBM Spectrum LSF Application Center with Web Services.

Procedure

  1. Copy files from the IBM Spectrum LSF Application Center web server host to your client host, replacing /opt/pac with the directory in which you installed IBM Spectrum LSF Application Center.

    From /opt/pac/gui/3.0/bin, copy the following to your client host:

    • pacclient.py
    • pac_api.py
  2. Copy the user's .key.pem and .cert.pem to the same directory as pacclient.py and pac_api.py.
  3. On your client host, modify pac_api.py to avoid logon by adding the http.add_certificate line.

    For example:

    def getJobListInfo(parameter):
            #url, token = getToken()
            url = 'https://pachost:8080/platform'
            token = ''
    
            x509Flag, keypemfile, certpemfile = checkX509PEMCert(url)
    
            if ( (x509Flag == False) & (len(token) <= 0) ):
                    print "You must log on to PAC. To log on, run pacclient logon."
                    return
    
            http = httplib2.Http()
            #if ( (x509Flag == True) & (len(token) <= 0) ):
                    # X509Flag is True and token is empty, then add the key/cert files into http request.
            #       http.add_certificate(keypemfile, certpemfile, '')
    
    
            http.add_certificate('.key.pem', '.cert.pem', '')
  4. Go to the directory in which pacclient.py is located and test the Python client by running pacclient.py job.

    There should not be any prompt to log on.

    For example:

    ./pacclient.py job
    JOBID   STATUS   EXTERNAL_STATUS   JOB_NAME   COMMAND
           12183   Running       -            *037934810  sleep 1234444