SSL for Direct Integration
SSL, or Secure Sockets Layer, is a way of achieving secure communication over a network so that only the client and the server have access to the data being transferred. To implement this security for the integration between Sterling Order Management and HCL Commerce, you can enable SSL as part of Direct Integration. This choice is optional.
There are two types of SSL:
- Two-way SSL authentication, in which the SSL client application
verifies the identity of the SSL server application and the SSL server
application verifies the identity of the SSL-client application. In
Direct Integration, when HCL Commerce requests
data from Sterling Order Management,
two-way SSL is used before invoking Sterling services through the
SOAP servlet. This requires both systems to authenticate the other
certificates. For demo environments, two-way SSL can be disabled by
setting the property
soapservlet.validate.authentication
to false. By default, this value is set to true. - One-way SSL authentication enables the application operating as
the SSL client to verify the identity of the application operating
as the SSL server. The SSL client application is not verified by the
SSL server application. When Sterling Order Management communicates
data with HCL Commerce through
the integration servers -- such as in
SCWC_SDF_pushOrderMessages
orSCWC_SDF_createOrder
- one-way SSL is used and Sterling Order Management authenticates HCL Commerce certificate before the request. This cannot be disabled.