Security considerations for Web service administration
The WSA acts as an intermediary between the AppServer and clients that access the service over the Internet. Thus, an application session involves two distinct connections, each of which is configured separately with respect to security.
The first connection is Internet-based between the WSA and the client. See Enabling the WSA for HTTPS client connections for information about making this connection secure. In brief, the following conditions must be met:
The client must use the HTTPS protocol to send requests.
The WSA must be HTTPS-enabled; that is, it must be configured to accept HTTPS requests from clients (via the Java container or Web server).
A private key and a Web server digital certificate must be installed on the Web server, and the Web server must be configured for SSL support.
The second connection is via AppServer protocol between the deployed service and the AppServer. For this connection to be secure, the following conditions must be met:
You must obtain and install public key certificates for the WSA host machine.
The service must send SSL requests to the AppServer that is to process the client requests. To configure the service to send SSL requests, you set the value of the appServiceProtocol property to AppServerS or AppServerDCS. You set this property, either for a specific service or as the default for services deployed to a given WSA instance, by using OpenEdge Management/OpenEdge Explorer or by manually editing the WebServiceFriendlyName.props file or the default.props file. (Note that this property applies to deployed services, not to the WSA itself; for more information on configuring WSA security, see Web Services Adapter Security Configurations.)
The AppServer must be SSL-enabled, meaning that it accepts SSL requests from the WSA (or other clients). You set the property sslEnable=1 by checking the Enable SSL client connections box in the SSL General properties category in OpenEdge Management/OpenEdge Explorer, or by manually editing the ubroker.properties file. You must also obtain and install a server private key and public key certificate and set additional SSL server properties. See SSL-enabled AppServer operation for more information.
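The following check for the two settings named above is an added example, not code from the OpenEdge documentation or product. It assumes the .props files are flat key=value text and that ubroker.properties groups key=value lines under [section] headers; the function names, the broker section name, and the sample file contents are constructed for illustration.

```python
SECURE_PROTOCOLS = {"AppServerS", "AppServerDCS"}  # the two values this page names

def parse_sections(text):
    """Parse key=value lines into {section: {key: value}}; '' holds unsectioned keys."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment (assumed comment markers)
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

def audit(service_props, default_props, ubroker_text, broker_section):
    """Return findings for the WSA-to-AppServer connection; empty list means both checks pass."""
    findings = []
    svc = parse_sections(service_props)[""]
    dflt = parse_sections(default_props)[""]
    # A service-specific value takes precedence over the WSA instance default.
    protocol = svc.get("appServiceProtocol", dflt.get("appServiceProtocol"))
    if protocol not in SECURE_PROTOCOLS:
        findings.append(
            f"appServiceProtocol={protocol!r}: service does not send SSL requests")
    # Only the named section is inspected; a missing key is reported for review.
    broker = parse_sections(ubroker_text).get(broker_section, {})
    if broker.get("sslEnable") != "1":
        findings.append(
            f"[{broker_section}] sslEnable={broker.get('sslEnable')!r}: "
            "AppServer is not SSL-enabled")
    return findings

# Constructed sample inputs (not taken from a real installation).
DEFAULT_PROPS = "appServiceProtocol=AppServer\n"
SERVICE_PROPS = "# per-service override\nappServiceProtocol=AppServerS\n"
UBROKER = "[UBroker.AS.asbroker1]\nsslEnable=0\n"

if __name__ == "__main__":
    for finding in audit(SERVICE_PROPS, DEFAULT_PROPS, UBROKER, "UBroker.AS.asbroker1"):
        print(finding)
```

With the sample inputs, the service override passes but the broker section is flagged, which is the mismatch where the service sends SSL requests to an AppServer that does not accept them.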
For details on SSL support in OpenEdge, including configuring and operating a Web service as a client of an SSL-enabled AppServer, see OpenEdge Getting Started: Core Business Services - Security and Auditing.