Configure a WS client to access an HTTPS server

Configuration steps to access a server in HTTPS.

To configure access to an HTTPS server, you need a client certificate.

Before you begin, there are options to consider depending on how you wish to use the client certificate:
  • If you do not have the certificate information in your FGLPROFILE file, Genero Web Services creates a certificate for you. This is an implicit or temporary certificate that is valid for a session only. For more information, go to HTTPS configuration.

    For the implicit certificate, no configuration is required.

  • Alternatively, for stronger security you should have your own certificate signed by a trusted certificate authority that the web server may verify before granting access. You should configure your application to use the certificate by adding the configuration details to the FGLPROFILE file. Follow the steps outlined in this section.

    In a production environment, it is not recommended to use self-signed certificates.

    In a production environment, some servers provide a client certificate and you use the certificate as provided, and add the configuration details to the FGLPROFILE file.

    Most servers do not check the identity of the clients. For these servers, the client's certificate does not necessarily need to be trusted; it is only used for data encryption purpose. If, however, the server performs client identification, you must trust a Certificate Authority in which it has total confidence concerning the validity of the client's certificates.

To get a certificate signed by a trusted certificate authority, you must send a Certificate Signing Request to one of the trusted Certificate Authority companies on the Internet that will provide you with a certificate you can trust. For information on generating a Certificate Signing Request, go to Create a certificate.

For testing purposes, you may need to create a self-signed certificate. To do so, start with the task to Create a root certificate authority and follow with the procedure to create the self-signed certificate in Create a certificate.

Once you have a certificate, either issued and signed by a trusted Certificate Authority or self signed for testing, follow the three steps in this section to configure the FGLPROFILE security entries used by the client's Genero Web Services during HTTPS communication.