User guide
Chapter 14: How to Prepare PKI Environment for Web Services (SOAP)
14-8
In the following cases the creation of a key pair and the acquisition of a site certificate from the
certification authority can be omitted:
• If the SOAP digital signature is verified.
• Data is encrypted using XML encryption.
• The client is not authenticated in SSL-encrypted communication.
Note
Refer to Environment Construction when a Private-key is not Needed.
The following encryption methods can be used in SSL-encrypted communication.
Table 14-5 Encryption Methods that can be Used
encryption method
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
Environment Construction when a Private-key is needed
To use the following functions in the Web service, the creation of a private-key and the acquisition of a
site certificate are needed.
• If the client should be authenticated in SSL-encrypted communication.
• SOAP digital signature generation.
• Decryption using the XML encryption.
Creating and Setting a Key Pair/Certificate Management Environment
Use the XML encryption to create a key pair/certificate management environment required for the SSL
client authentication, the SOAP digital signature generation or decryption.
• Create a directory in which the file (the certificate management file) used to create and manage key
pairs and to register and manage certificates is to be placed.
• Create a Web service security environment information file and the certificate management file
using the soapSetSecurity command (key pair/certificate management environment creation). How
to use soapSetSecurity depends on the certification authority to which the application for a
certificate is made.
The following shows some examples of using the soapSetSecurity command for each certification
authority to be used.