Working with Web Services > Consuming Web Services over HTTPS
	Consuming Web Services over HTTPS

When working with certificates and key stores, Dialog Designer uses the keytool tool included with JDK, and by default installed in JAVA_HOME\bin.

To use a Web service over HTTPS, the server's certificate needs to be installed in a trusted keystore on the application server, and the system property javax.net.ssl.trustStore needs to point to the trust store. (The same is true for the ADE and can also be done on the ADE).

To import the server certificate:

4. Get the certificate that is installed on the server.

• In the following it is assumed that you have the server certificate stored in a file called Server.cer on the application server.

• If you do not have the server certificate, you can use keytool to export the certificate from the server and into a file by running the following on the app server.

• keytool -export -rfc -alias MyAlias -file Server.cer

5. On the application server, create a new keystore by importing the server certificate:

• keytool -import -trustcacerts -alias MyAlias -file Server.cer -keystore MyKeystore

6. Configure the app servers JVM to use the new keystore, by setting the following JVM parameters:

• javax.net.ssl.trustStore=full path to MyKeystore

• javax.net.ssl.trustStorePassword=the keystore password

7. Restart the app server.

Certificate problems can be very hard to troubleshoot, so if you are having problems it can be helpful to enable more debugging information by setting the following parameter:

• javax.net.debug=ssl,handshake,trustmanager

For more details on keytool, see:

• http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html

For more details on certificates see:

• http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html

©2009, Avaya Inc. All rights reserved.