Using Client Certificates

During secure https connection (SSL/TLS) negotiation, the SOAPam Client Process can send a PKCS12 client certificate to the Web service host in order to authenticate itself. First, you must obtain a certificate file from the Web service provider and transfer it to your NonStop server as a binary file. To use the certificate, you specify the name of the certificate file using the -sslclientcert command line option when starting the Client Process.

It is common practice for the Web service provider to associate a pass phrase with the certificate. You must know the pass phrase in order to use the certificate. The pass phrase also can be specified using the -sslclientcert command line option. The pass phrase can be specified in clear text or in an encrypted credentials file.

To specify the pass phrase as a clear text string use the following format for the -sslclientcert option:

tacl> run SOAPAMCP / name $wscp / -cdf mycdf -sslclientcert mypkcs #my^pass^phrase

where 'mypkcs' is the certificate file name and 'my^pass^phrase' is the pass phrase. In order to provide the pass phrase in a SOAPam credentials file, first create the credentials file using the MAKECF utility:

tacl> run MAKECF mycreds my^pass^phrase

Then provide the credentials file name in the -sslclientcert option:

tacl> run SOAPAMCP / name $wscp / -cdf mycdf -sslclientcert mypkcs mycreds

Refer to Using Credential Files for information about creating credentials files. Refer to Configuring the Client Process for more information about SOAPAMCP command line parameters.