Enabling X.509 certificates

During creation of a WebSphere Commerce instance, you select the web server authentication mode in the Configuration Manager. It can be either Basic authentication or X.509 authentication. The default is Basic authentication, which is authentication with a logon ID and password.

About this task

To enable the use of X.509 certificates:

Procedure

  1. Set up your IBM HTTP web server SSL certificate. The SSL server certificate includes a list of client authorities for trust relationships. You may need to add additional client certificate authorities.
  2. Open the Configuration Manager.
  3. Select WebSphere Commerce > node_name > Commerce > Instance List > instance_name > Instance Properties > Web server.
  4. Check the X.509 box for Authentication Mode. Click Apply. X.509 client certificate users are now accepted. The IBM HTTP Server is automatically enabled for certificate support, when X.509 Authentication Mode is selected.
  5. Stop and start the WebSphere Commerce Server. WebSphere Commerce does not register X.509 users in the CERT_X509 table until the server is restarted.
    Note: You can make X.509 certificates either optional or required.
    1. Open the configuration file httpd.conf and locate the SSLClientAuth directive. Set the directive to 1 (optional) or 2 (required). The recommended parameter is required.
    2. Since the WebSphere Commerce Payments client does not support SSL Client Authentication, you must disable SSL between the WebSphere Commerce Payments client and the web server.
      1. In a text editor, open the PaymentServlet.properties file. The file is in the WebSphere Commerce Payments installation Directory.
        • Locate the UseNonSSLWCSClient property. Set the property to a value of '1' (one).
        • If you cannot find the UseNonSSLWCSClient property in the file, add the line: 
          
UseNonSSLWCSClient=1
      2. Save the file, and exit the editor.
    3. If WebSphere Commerce Payments is installed on the same machine as WebSphere Commerce:
      1. Open the Configuration Manager.
      2. Select WebSphere Commerce > node_name > Payments.
      3. Check Use non-SSL Payments Client. This enables the WebSphere Commerce Server client to communicate with WebSphere Commerce Payments, without using SSL.
      4. Click Apply.
      5. Close the Configuration Manager.
    4. Restart WebSphere Commerce Payments.
    5. Restart your WebSphere Commerce instance.