Task #513

SSL Certificate Setup

Added by Tan Lee Yong almost 14 years ago. Updated almost 14 years ago.

Status: Work Completed-End life cycle
Start date: October 07, 2010
Priority: High
Due date: October 08, 2010
Assignee: Ang Wei Cheng
% Done: 100%
Category: -
Estimated time: 10.00 hours
Target version: -
Spent time: 12.00 hours

Description

Figure out and document how to set up one-way and two-way SSL certificates in AquaLogic or WebLogic.

History

#1 Updated by Ang Wei Cheng almost 14 years ago

  • % Done changed from 0 to 10

There's transport-level (SSL) and message-level encryption (Web service policy, proprietary extension of WSDL in WebLogic).

Assuming only transport level encryption is used for now.

http://download.oracle.com/docs/cd/E13171_01/alsb/docs30/security/security_faq.html

#2 Updated by Ang Wei Cheng almost 14 years ago

  • Status changed from New - Begin Life Cycle to Work Completed-End life cycle
  • % Done changed from 10 to 100
  • Estimated time set to 10.00

Getting more information from Hazli and Nazri.

From my understanding:
It is a 2-way SSL authentication. The KFH side is using an unsigned (non-CA-certified) certificate to connect to the remote HTTPS web service. What we are trying to do is configure AquaLogic to use the SSL certificate of KFH while making a POST request to that remote host.

1) Import the key provided by KFH into a Java keystore using the "keytool" command. It is included in the Java SDK. The keystore is a ".jks" file.

2) Upload the keystore file to the WebLogic server. Define the absolute path in the WebLogic console.

3) Go to "Security Realm" -> "Providers" -> "Credential Mapping". Create a new mapping that points to the absolute path of the keystore file.

4) Go to the AquaLogic console.
Project Explorer -> ePay

5) Create a new Proxy Service Provider. Choose the encryption key etc. as defined in the WebLogic Credential Mapping.

6) Create a new Proxy Service. Choose to use the Proxy Service Provider as defined in Step 5.

For ePay, this kind of configuration is required because it connects directly to the remote web service.
For M1, the security configuration is presumed to be done at the EJB that acts as the middle person between the local and remote web service.
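A check worth running on the keystore from step 1 before uploading it, as an added example that is not part of the original ticket: two-way SSL only works if the keystore holds a private key entry, not just a certificate. The alias, distinguished name, paths and passwords are constructed placeholders, and the sample keystores are generated only so the check has something to run against.

```shell
# Added example; alias, DN, paths and passwords are constructed placeholders.

# Build a throwaway JKS keystore holding a self-signed key pair, standing in
# for the non-CA-certified key material that step 1 imports.
make_sample_keystore() {  # $1 = keystore path, $2 = password
  keytool -genkeypair -alias client-identity -keyalg RSA -keysize 2048 \
    -dname "CN=example-client, O=Example" -validity 30 -storetype JKS \
    -keystore "$1" -storepass "$2" -keypass "$2" >/dev/null 2>&1
}

# Reproduce the usual mistake: only the certificate is imported, so the
# keystore has no private key and cannot act as a client identity.
make_cert_only_keystore() {  # $1 = source keystore, $2 = new keystore, $3 = password
  keytool -exportcert -alias client-identity -keystore "$1" -storepass "$3" \
    -file "$2.cer" >/dev/null 2>&1 &&
  keytool -importcert -noprompt -alias client-identity -file "$2.cer" \
    -storetype JKS -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

# Returns 0 = keystore has a PrivateKeyEntry (usable for two-way SSL),
# 1 = certificates only, 2 = unreadable or wrong password, 127 = no keytool.
check_identity_keystore() {  # $1 = keystore path, $2 = password
  command -v keytool >/dev/null 2>&1 || return 127
  listing="$(keytool -list -storetype JKS -keystore "$1" -storepass "$2" 2>/dev/null)" || return 2
  printf '%s\n' "$listing" | grep -q 'PrivateKeyEntry' && return 0
  return 1
}

# Returns 0 when the entry's certificate has the same Owner and Issuer, i.e.
# it looks self-signed and the remote host must trust this exact certificate.
is_self_signed() {  # $1 = keystore path, $2 = password, $3 = alias
  detail="$(keytool -J-Duser.language=en -list -v -alias "$3" -storetype JKS \
    -keystore "$1" -storepass "$2" 2>/dev/null)" || return 2
  owner="$(printf '%s\n' "$detail" | sed -n 's/^Owner: //p' | head -n 1)"
  issuer="$(printf '%s\n' "$detail" | sed -n 's/^Issuer: //p' | head -n 1)"
  [ -n "$owner" ] && [ "$owner" = "$issuer" ]
}
```

Passing `-storepass` on the command line exposes the password in the process list; on a shared host, omit it and let keytool prompt instead.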
