Test that X.509 works with Web Services
Before you begin
You will need to complete the following steps before you can test X.509 with Web Services.
- You need user certificates and keys for this configuration.
- If you are using non self-signed certificates, refer to Step 1: Prepare server and user certificates and keys for more details.
- If you are using self-signed certificates, refer to Step 1: Prepare user certificates and keys for more details.
- Convert your key and certificate files to PEM format. Python supports certificates and keys only in PEM format. For more information, refer to Convert user keys and certificates to PEM format for Python clients.
- Configure your server and import client certificates into Platform
Application Center's truststore.
- If you are using non self-signed certificates, refer to Step 2: Configure the web server for X.509 and Step 3: Import certificates into IBM Spectrum LSF Application Center's trust storefor more details.
- If you are using self-signed certificates, refer to Step 2: Configure the web server for X.509 and Step 3: Import user certificates into IBM Spectrum LSF Application Center's truststorefor more details.
You can use the example Python pacclient.py and pac_api.py to test X.509 connection to IBM Spectrum LSF Application Center with Web Services.
About this task
- Copy files from the IBM Spectrum LSF Application Center web server
host to your client host, replacing /opt/pac with
the directory in which you installed IBM Spectrum LSF Application Center.
From /opt/pac/gui/3.0/bin, copy the following to your client host:
- Copy the user's .key.pem and .cert.pem to the same directory as pacclient.py and pac_api.py.
- On your client host, modify pac_api.py to
avoid logon by adding the http.add_certificate line.
def getJobListInfo(parameter): #url, token = getToken() url = 'https://pachost:8080/platform' token = '' x509Flag, keypemfile, certpemfile = checkX509PEMCert(url) if ( (x509Flag == False) & (len(token) <= 0) ): print "You must log on to PAC. To log on, run pacclient logon." return http = httplib2.Http() #if ( (x509Flag == True) & (len(token) <= 0) ): # X509Flag is True and token is empty, then add the key/cert files into http request. # http.add_certificate(keypemfile, certpemfile, '') http.add_certificate('.key.pem', '.cert.pem', '')
- Go to the directory in which pacclient.py is
located and test the Python client by running pacclient.py
There should not be any prompt to log on.
./pacclient.py job JOBID STATUS EXTERNAL_STATUS JOB_NAME COMMAND 12183 Running - *037934810 sleep 1234444