Configure a WS client to access an HTTPS server

Configuration steps to access a server over HTTPS.

To configure access to an HTTPS server, you need a client certificate.

Important: On GMI mobile devices the iOS SSL/TLS layer is used for HTTPS, and the device Keychain® typically holds the server certificate authority list. Therefore, the fglprofile security settings are ignored with the exception of the following: security.global.ca, security.global.ca.lookuppath, and security.global.systemca.
Before you begin, there are options to consider depending on how you wish to use the client certificate:
  • If you do not have the certificate information in your fglprofile, Genero Web Services creates a certificate for you. This is an implicit or temporary certificate that is valid for a session only. For more information see HTTPS configuration.
    Note: For the implicit certificate, no configuration is required.
  • Alternatively, for stronger security, generate a client certificate of your own, configure your application to use it, and add the configuration details to fglprofile. Follow the steps outlined in this procedure.
    Note: In a production environment, some servers provide a client certificate; use the certificate as provided and add the configuration details to fglprofile.
The openssl command line tool can be used to create your own certificates for the configuration of secured communication. The following steps outline the configuration process:
  1. To create the client certificate, follow the procedure described in Create the client certificate.
  2. To configure fglprofile for the client certificate, follow the procedure in Configure for the client certificate.
  3. To configure fglprofile for the certificate authority list, see Configure for the certificate authority list.
  4. Add configuration entries for the server to fglprofile. For an example, see FGLPROFILE: HTTP(S) Proxy Authentication.
    The Genero Web Services client needs a set of configuration entries that specify the security configuration when accessing an HTTPS server. The following entries must be defined with a unique identifier (such as myserver):

    ws.myserver.url =
    "https://www.MyServer.com/gas/ws/r/MyWebService"

    ws.myserver.security = "id1"

    (line breaks added for document readability)
    • The unique identifier myserver can be used in the BDL client code in place of the actual URL.
    • The security entry value (id1 in this example) must match the unique identifier defined by the client security entry created in Configure for the client certificate.
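The cross-reference rule in the last bullet can be checked before deployment. The following is an added example, not part of the Genero documentation or tooling: it parses fglprofile text and reports ws entries whose URL is not HTTPS or whose security value has no matching client security entry. It assumes the client security entries are named security.<id>.certificate and security.<id>.privatekey; the sample content and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample fglprofile content (not from a real deployment).
# Assumption: client security entries are named security.<id>.certificate
# and security.<id>.privatekey; each url entry sits on one physical line.
SAMPLE = '''
security.id1.certificate = "client.crt"
security.id1.privatekey  = "client.pem"
security.global.ca       = "ca_list.pem"
ws.myserver.url      = "https://www.MyServer.com/gas/ws/r/MyWebService"
ws.myserver.security = "id1"
ws.legacy.url        = "http://intranet.example/ws/r/Old"
ws.other.url         = "https://other.example/ws/r/Svc"
ws.other.security    = "id2"
'''

# key = "value"; comment lines starting with '#' never match this pattern.
ENTRY = re.compile(r'^\s*([\w.]+)\s*=\s*"([^"]*)"\s*$')

def parse_entries(text):
    """Return {key: value} for each key = "value" line."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries[match.group(1)] = match.group(2)
    return entries

def check_ws_entries(text):
    """Return sorted (server_id, problem) findings for the ws.<id>.* entries."""
    entries = parse_entries(text)
    # Identifiers with a client security entry (security.global.* is not one).
    defined = {p[1] for p in (k.split(".") for k in entries)
               if len(p) == 3 and p[0] == "security" and p[1] != "global"}
    findings = []
    for key, url in entries.items():
        parts = key.split(".")
        if len(parts) != 3 or parts[0] != "ws" or parts[2] != "url":
            continue
        server = parts[1]
        if urlsplit(url).scheme.lower() != "https":
            findings.append((server, "url is not https"))
        sec = entries.get(f"ws.{server}.security")
        if sec is None:
            findings.append((server, "security entry is missing"))
        elif sec not in defined:
            findings.append((server, f"security id {sec!r} has no client security entry"))
    return sorted(findings)

if __name__ == "__main__":
    for server, problem in check_ws_entries(SAMPLE):
        print(f"ws.{server}: {problem}")
```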