webMethods has three types of Client Authentication when Integration Server performing requests that arrive on its HTTPS port. One of them is Require Client Certificates, this means Integration Server requires client certificates for all requests.
By using a client certificate, you don’t need to provide user/pin to identify yourself when login to Integration Server.
What is a client certificate?
A client digital certificate or client certificate is basically a file, usually protected with a password and loaded into a client application (usually as PKCS12 files with the .p12 or .pfx extension).
Config Integration Server as an SSL Server
– Generate a public/private key pair using key store explorer. This certification will be used as server certification.
o Enter key store password. This key store password is important when setup key store in webMethods.
– Install the certificate in Integration Server
o Install the certificate via Security -> Certificates -> Edit Certificates Settings. Please notice we don’t have truststore setup at the moment and we will setup this up when we create client certificate.
– Add an HTTPS Port in Integration Server:
o Test the HTTPS connection by navigating to https://localhost:5575 in IE.
The certificate error is ok, because we self-signed our certificate. Add the certificate to the list of trusted certificates and move on. If you use a “real” certificate later, the error will go away.
Config SOPAUI as SSL client
– Similar to generate server certificate, generate a client certificate using key store explorer but choose PKCS #12 as store type
– Export client certificate and include it in trust store. This is to enable webMethods integration server to accept a self-signed certificate.
– Config trust store in webMehtods.
o Create truststore via Security -> Keystore -> Create Truststore Alias on IS’s web frontend.
– Use client certificate in SOAPUI
As I mentioned at the beginning, try to login to IS’s web frontend using HTTPS to see if you were asked for a user/pin!