Configuring Certificate Credentials for Service Endpoints
Overview
This document details how to configure service endpoints to use certificate credentials.
Assumptions
This guide assumes that you have a basic understanding of the Neuron ESB explorer, client connectors and service connectors. If you are not familiar with these aspects of the Neuron ESB platform, please review the Neuron ESB Fundamentals guide before proceeding.
This guide also assumes that you are using pre-existing certificates that are already implemented on your system. If you need information on configuring SSL with Neuron ESB service endpoints, or if you need to create a certificate, information on how to do so can be found in the help topic Configuring SSL.
Creating Certificate Credentials
Prior to using a certificate in conjunction with a client or service connector, you must first create a certificate credential inside the Neuron ESB Explorer.
Credentials hold a user's authentication information. They are created and managed in the Neuron ESB Explorer under Security -> Credentials.
Follow these steps to create a certificate credential:
- Click New to open the Credentials properties window.
- In the Name textbox enter an appropriate name for the Credential you are creating.
- From the Type drop down list, select “Certificate”.
- Click the ellipsis next to the Locations textbox.
- Select the type of certificate that you wish to use:
  - Machine Certificate
  - Personal Certificate
- Select the certificate store where your certificate is stored.
- Select the Find Type that you wish to use.
- Select the Certificate that you wish to use from the resulting list.
- Click the Ok button to apply the certificate to the Credential.
- Click the Apply button.
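Before selecting a certificate in the dialog, you can check from PowerShell that it is in the store you expect, is inside its validity period, has a private key, and permits client authentication, which matters when a service connector presents it as its client credential. This is an added example, not code from Neuron ESB or its documentation. It assumes that Machine Certificate and Personal Certificate correspond to the Windows LocalMachine and CurrentUser store locations and that Find Type corresponds to the .NET X509FindType values; the function name and the sample thumbprint are hypothetical.

```powershell
# Added example. Test-CredentialCertificate is a hypothetical helper name.
function Test-CredentialCertificate {
    [CmdletBinding()]
    param(
        # Assumption: Machine Certificate = LocalMachine, Personal Certificate = CurrentUser
        [System.Security.Cryptography.X509Certificates.StoreLocation]$StoreLocation = 'LocalMachine',
        [string]$StoreName = 'My',
        # Assumption: the dialog's Find Type corresponds to X509FindType
        [System.Security.Cryptography.X509Certificates.X509FindType]$FindType = 'FindByThumbprint',
        [Parameter(Mandatory)][string]$FindValue
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $StoreLocation
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        # validOnly = $false so expired or untrusted matches are reported, not hidden
        $found = $store.Certificates.Find($FindType, $FindValue, $false)
        if ($found.Count -eq 0) {
            Write-Warning "No certificate matched in $StoreLocation\$StoreName"
            return
        }
        if ($found.Count -gt 1) {
            Write-Warning "$($found.Count) certificates matched; the find value is ambiguous"
        }
        $now = Get-Date
        foreach ($cert in $found) {
            $eku = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            # A certificate without an EKU extension is not restricted to specific purposes
            $clientAuth = (-not $eku) -or ($oids -contains $clientAuthOid)
            $inPeriod = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            [pscustomobject]@{
                Subject          = $cert.Subject
                Thumbprint       = $cert.Thumbprint
                NotAfter         = $cert.NotAfter
                InValidityPeriod = $inPeriod
                HasPrivateKey    = $cert.HasPrivateKey
                ClientAuthOk     = $clientAuth
                Usable           = $inPeriod -and $cert.HasPrivateKey -and $clientAuth
            }
        }
    }
    finally { $store.Close() }
}

# Constructed placeholder thumbprint; replace it with the value of your own certificate.
Test-CredentialCertificate -FindValue '0000000000000000000000000000000000000000'
```

HasPrivateKey only shows that a key is associated with the certificate; it does not show that the account the Neuron ESB runtime runs under has permission to read that key.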
Configuring a Service Connector
Using certificates with a service connector is relatively simple. This section will guide you through creating a service connector, configuring it for standard SSL as well as configuring the service connector to use the certificate credential that you created previously.
Configuring a Service Connector to use Certificate Credentials
For service connectors interacting with external services that implement a higher level of security than standard SSL, you need to configure the service connector to use the certificate credential that you created previously. To do this, follow these steps:
- Create a new service endpoint named CertificateServiceConnector.
- Click on the security tab and select the security model that matches that of the service being called. In this example we are going to be using Transport:Certificate.
- Click on the service connector tab and enter the following values:
  - Enable the service connector
  - URL: https://[URL FOR EXTERNAL SERVICE]
- Select the Certificate Credential you created from the Client Credentials dropdown list.
Configuring a Client Connector
As client connectors are services that Neuron ESB hosts for you to receive and send data to external parties, it is sometimes necessary to allow a client connector to accept more than one credential. Because of this you need to create an additional security entity, called an Access Control List, to use credentials with a client connector.
Creating an Access Control List
Let us first create an Access Control List which will use our certificate credential. To do so, follow these steps:
- Navigate to Security -> Access Control Lists.
- Click New to open the Access Control Lists properties window.
- In the Name textbox enter an appropriate name for the Access Control List you are creating.
- From the Type drop down list, select “Certificate”.
- Check the Certificate Credentials that you would like to include in the Access Control List.
- Apply your changes.
Configuring a Client Connector to use Certificate Credentials
With your access control list (ACL) created, we can now use it to configure the client connector to accept the certificate credentials that the ACL points to. To do this, follow these steps:
- Create a new service endpoint named CertificateClientConnector.
- Click on the security tab and select the security model appropriate for your client connector. In this example we are going to be using Message:Certificate.
- Click on the client connector tab and enter the following values:
  - Enable the client connector
  - URL: https://[URL FOR THIS SERVICE ENDPOINT] (example: https://localhost:9099)
- Select the Access Control List that you created from the Access Control List dropdown list.