Configuring Certificate Credentials for Service Endpoints

Overview

This document details how to configure service endpoints to use certificate credentials.

Assumptions

This guide assumes that you have a basic understanding of the Neuron ESB explorer, client connectors and service connectors. If you are not familiar with these aspects of the Neuron ESB platform, please review the Neuron ESB Fundamentals guide before proceeding.

This guide also assumes that you are using pre-existing certificates that are already implemented on your system. If you need information on configuring SSL with Neuron ESB service endpoints, or if you need to create a certificate, information on how to do so can be found in the help topic Configuring SSL.

Creating Certificate Credentials

Prior to using a certificate in conjunction with a client or service connector, you must first create a certificate credential inside the Neuron ESB Explorer.

Credentials hold a user’s authentication information. They are created and managed in the Neuron Explorer by navigating to Security -> Credentials.

From here, follow these steps to create a certificate credential:

  1. Click New to open the Credentials properties window.
  2. In the Name textbox enter an appropriate name for the Credential you are creating.
  3. From the Type drop down list, select “Certificate”.
  4. Click the ellipsis next to the Locations textbox.
  5. Select the type of certificate that you wish to use:
    • Machine Certificate
    • Personal Certificate
  6. Select the certificate store where your certificate is stored.
  7. Select the Find Type that you wish to use.
  8. Select the Certificate that you wish to use from the resulting list.
  9. Click the Ok button to apply the certificate to the Credential.
  10. Click the Apply button.
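
Before selecting a certificate in the steps above, it helps to confirm that it is in the store you expect, is within its validity period, and has a private key if it will be presented as a client credential. The PowerShell function below is an added example, not part of Neuron ESB or the original guide; the function name is hypothetical, and it assumes that the "Machine Certificate" and "Personal Certificate" choices correspond to the Windows LocalMachine and CurrentUser store locations.

```powershell
# Added example, not Neuron ESB code. Assumption: "Machine Certificate" and
# "Personal Certificate" correspond to the LocalMachine and CurrentUser
# store locations. Test-CredentialCertificate is a hypothetical helper name.
function Test-CredentialCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [ValidateSet('LocalMachine', 'CurrentUser')][string]$StoreLocation = 'LocalMachine',
        [string]$StoreName = 'My',
        [int]$WarnDays = 30
    )
    # Thumbprints copied from the certificate dialog often carry spaces or
    # invisible characters, so keep only the hex digits before comparing.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert = Get-ChildItem -Path "Cert:\$StoreLocation\$StoreName" |
        Where-Object { $_.Thumbprint -eq $tp }
    if (-not $cert) {
        throw "No certificate with thumbprint $tp in $StoreLocation\$StoreName"
    }

    # No Enhanced Key Usage extension means the certificate is not restricted
    # to specific purposes; otherwise look for Client Authentication.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
    $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $clientAuthOk = (-not $ekuExt) -or ($ekuOids -contains $clientAuthOid)

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        ExpiresSoon   = $cert.NotAfter -lt $now.AddDays($WarnDays)
        HasPrivateKey = $cert.HasPrivateKey   # needed to present the cert as a client credential
        ClientAuthEku = $clientAuthOk
        ChainValid    = $cert.Verify()        # default chain policy; may contact revocation servers
    }
}

# Usage (placeholder thumbprint, replace with your own):
# Test-CredentialCertificate -Thumbprint '<THUMBPRINT>' -StoreLocation LocalMachine
```

Run it under the account that will use the certificate when checking the CurrentUser location, since that store is per user.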

Configuring a Service Connector

Using certificates with a service connector is relatively simple. This section will guide you through creating a service connector, configuring it for standard SSL as well as configuring the service connector to use the certificate credential that you created previously.

Configuring a Service Connector to use Certificate Credentials

For service connectors interacting with external services that implement a higher level of security than standard SSL, you need to configure the service connector to use the certificate credential that you created previously. To do this, follow these steps:

  1. Create a new service endpoint named CertificateServiceConnector.
  2. Click on the security tab and select the security model that matches that of the service being called. In this example we are going to be using Transport:Certificate.
  3. Click on the service connector tab and enter the following values:
    • Enable the service connector
    • URL: https://[URL FOR EXTERNAL SERVICE]
    • Select the Certificate Credential you created from the Client Credentials dropdown list.

Configuring a Client Connector

As client connectors are services that Neuron ESB hosts for you to receive and send data to external parties, it is sometimes necessary to allow a client connector to accept more than one credential. Because of this you need to create an additional security entity, called an Access Control List, to use credentials with a client connector.

Creating an Access Control List

Let us first create an Access Control List which will use our certificate credential. To do so, follow these steps:

  1. Navigate to Security -> Access Control Lists.
  2. Click New to open the Access Control Lists properties window.
  3. In the Name textbox enter an appropriate name for the Access Control List you are creating.
  4. From the Type drop down list, select “Certificate”.
  5. Check the Certificate Credentials that you would like to include in the Access Control List.
  6. Apply your changes.

Configuring a Client Connector to use Certificate Credentials

With your access control list (ACL) created, we can now use it to configure the client connector to accept the certificate credentials that the ACL points to. To do this, follow these steps:

  1. Create a new service endpoint named CertificateClientConnector.
  2. Click on the security tab and select the security model appropriate for your client connector. In this example we are going to be using Message:Certificate.
  3. Click on the client connector tab and enter the following values:
    • Enable the client connector
    • URL: https://[URL FOR THIS SERVICE ENDPOINT] (example: https://localhost:9099)
    • Select the Access Control List that you created from the Access Control List dropdown list.