Truststores and Keystores
Unless you are manually configuring your web service behind web server authentication, you are required to secure your web service using X.509 v3 certificates. The security mechanisms used require the SubjectKeyIdentifier extension, which the keytool utility released with Java does not generate.
An Apache Ant build script is located at:
<Windchill>/prog_examples/jws/jws-stores.xml
This build script can generate client or server keystore and truststore pairs for use by Info*Engine web service examples. You can also use it for testing and development purposes. The Apache Ant build script uses OpenSSL to generate client and server certificates, and then uses the Java keytool utility to import these certificates into client or server keystore and truststore files.
You can use the jws-stores.xml build script as an illustration of how to use your own certificate to create truststores and keystores for your web services and clients. This script only generates a single server and client certificate, and then imports those certificates into their corresponding keystores before generating the truststores for the client and server.
To generate these files, run the following commands from a windchill shell:
% cd <Windchill>/prog_examples/jws
% ant -f jws-stores.xml
While the script is running, you are prompted several times for user input. You can either accept the defaults (shown in brackets, for example [ws-server]) by pressing Enter when prompted, or supply your own input. If you accept the defaults, the security.properties files as released should already contain the proper configuration. If you supply other input when running the script, you need to update the corresponding security.properties configuration accordingly.
When the script has finished running, the <Windchill>/prog_examples/jws/stores directory is created. This directory contains the following files:
server-keystore.jks
server-truststore.jks
client-keystore.jks
client-truststore.jks
server.p12
client.p12
server.cer
client.cer
The .p12 (PKCS #12 Personal Information Exchange) files can be used to populate a Windows certificate store for .NET client access requiring certificates. The .cer files are the certificates used to populate the truststores and keystores.
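The SubjectKeyIdentifier requirement stated above can be checked on .cer files before they are imported into a keystore or truststore. The following shell functions are an added example, not part of jws-stores.xml or the product documentation: they issue a self-signed v3 certificate that carries the extension using OpenSSL, and audit a directory of .cer files for it. The function names, subject, key size and validity period are assumptions.

```shell
# Added example; not taken from jws-stores.xml. Names, subject, key size and
# validity below are assumptions chosen for illustration.

# make_cert_with_ski <name> <outdir>: self-signed v3 cert in <outdir>/<name>.cer
make_cert_with_ski() {
    name=$1; out=$2
    cat > "$out/$name.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3
prompt             = no
[dn]
CN = $name
[v3]
subjectKeyIdentifier = hash
basicConstraints     = CA:FALSE
keyUsage             = digitalSignature, keyEncipherment
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$out/$name.cnf" \
        -keyout "$out/$name.key" -out "$out/$name.cer" 2>/dev/null
}

# cert_has_ski <file>: 0 = SKI present, 1 = absent, 2 = not a readable cert.
# Tries PEM first, then DER, since a .cer file may be either.
cert_has_ski() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) ||
    text=$(openssl x509 -inform DER -in "$1" -noout -text 2>/dev/null) ||
    return 2
    printf '%s\n' "$text" | grep -q 'X509v3 Subject Key Identifier' || return 1
}

# audit_certs <dir>: one line per .cer file; exit status = number of failures.
audit_certs() {
    bad=0
    for f in "$1"/*.cer; do
        [ -e "$f" ] || continue
        rc=0; cert_has_ski "$f" || rc=$?
        case $rc in
            0) echo "SKI present  $f" ;;
            1) echo "SKI MISSING  $f"; bad=$((bad + 1)) ;;
            *) echo "UNREADABLE   $f"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Usage: audit_certs <Windchill>/prog_examples/jws/stores
```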