SSL web service message sender
Extension of HTTP Components message sender that allows custom SSL settings.
Useful when you want full control over the SSL settings for the HTTP connection, or when you need to combine functionality from the HTTP Components message sender (such as HTTP authentication) with SSL.
Trust store path
Path to the Java trust store for this HTTPS connection. Only connections to servers with a trusted certificate are allowed.
Required
Trust store
Select the path to the Java trust store for this HTTPS connection. Only connections to servers with a trusted certificate are allowed.
Required
Trust store password
Password of the Java trust store for this HTTPS connection.
Required
Key store path
Path to the Java key store containing the (client) SSL certificate(s) for this HTTPS connection. If no SSL client authentication is required, use an empty key store.
Required
Key store
Select the path to the Java key store containing the (client) SSL certificate(s) for this HTTPS connection. If no SSL client authentication is required, use an empty key store.
Required
Key store password
Password of the Java key store containing the (client) SSL certificate(s) for this HTTPS connection.
Required
Hostname verifier
Determines how to verify if a hostname matches the names stored inside the server's certificate.
Allow all - Allows all hostnames: essentially turns hostname verification off.
Browser compatible - Works the same way as Curl and Firefox: the hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts.
Strict - Works the same way as Sun Java 1.4, Sun Java 5, Sun Java 6-rc. It's also pretty close to IE6. This implementation appears to be compliant with RFC 2818 for dealing with wildcards. The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The one divergence from IE6 is how we only check the first CN; IE6 allows a match against any of the CNs present.
The only difference between browser compatible and strict is that a wildcard (such as *.example.com) with browser compatible matches all subdomains (including www.host.example.com), while with strict it matches only subdomains in the same level (for example www.example.com).
Default is browser compatible.
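The wildcard rule described above, as an added example that is not part of the original documentation or of the HTTP Components library: a simplified model of the three hostname verifier settings. The class and method names are hypothetical, the certificate names are constructed, and it assumes wildcards appear only as a leading "*." label.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

public class HostnameVerifierModes {
    enum Mode { ALLOW_ALL, BROWSER_COMPATIBLE, STRICT }

    // Candidate names per the text above: the first CN plus every subject-alt.
    static boolean verify(Mode mode, String host, String firstCn, List<String> subjectAlts) {
        if (mode == Mode.ALLOW_ALL) {
            return true; // the certificate names are never compared
        }
        if (matches(mode, host, firstCn)) {
            return true;
        }
        for (String alt : subjectAlts) {
            if (matches(mode, host, alt)) {
                return true;
            }
        }
        return false;
    }

    static boolean matches(Mode mode, String host, String certName) {
        String h = host.toLowerCase(Locale.ROOT);
        String n = certName.toLowerCase(Locale.ROOT);
        if (!n.startsWith("*.")) {
            return h.equals(n); // no wildcard: exact, case-insensitive match
        }
        String suffix = n.substring(1); // "*.example.com" -> ".example.com"
        if (!h.endsWith(suffix) || h.length() == suffix.length()) {
            return false; // different domain, or nothing in place of the wildcard
        }
        String covered = h.substring(0, h.length() - suffix.length());
        // Strict: the wildcard stands for one label only, so no dot may remain.
        return mode == Mode.BROWSER_COMPATIBLE || covered.indexOf('.') < 0;
    }

    public static void main(String[] args) {
        List<String> subjectAlts = Arrays.asList("*.example.com"); // constructed
        String[] hosts = { "www.example.com", "www.host.example.com", "example.org" };
        for (Mode mode : Mode.values()) {
            for (String host : hosts) {
                boolean ok = verify(mode, host, "example.com", subjectAlts);
                System.out.printf("%-18s %-22s %s%n", mode, host, ok);
            }
        }
    }
}
```

With these constructed names, only Allow all accepts example.org, and www.host.example.com is accepted by Browser compatible but rejected by Strict.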
Certificate alias
Alias of the SSL certificate for this HTTPS connection.
If the key store contains multiple certificates, you can use this property to specify which certificate should be used for this HTTPS connection.
Optional
Key manager password
The password for the specific key within the key store.
Usually keys use the same password (or none) as the key store and you don't need this property, but when a key has a different password you can specify it here.
Optional
Validate certs
Set to true if (client) SSL certificates have to be validated, for example checking the expiration date. Invalid certificates (or no certificates in the key store at all) will cause this component to fail during startup.
Default is false.
Validate peer certs
Set to true if SSL certificates of the peer have to be validated, for example checking the expiration date. Invalid peer certificates will cause the connection to be rejected.
Default is false.
Protocol
The SSL protocol to use.
Default is TLS.
Credentials
The credentials to be used. If not set, no authentication is done.
Username password credentials - Simple Credentials implementation based on a user name / password pair.
NT credentials - Credentials implementation for Microsoft Windows platforms that includes Windows specific attributes such as name of the domain the user belongs to.
Username
The user name.
This should not include the domain to authenticate with. For example: user is correct whereas DOMAIN\user is not.
Required
Password
The password.
Required
Workstation
The workstation the authentication request is originating from. Essentially, the computer name for this machine.
Optional
Domain
The domain to authenticate within.
Note that this information should not be included in the username. For example: user is correct whereas DOMAIN\user is not.
Optional
Id
Name that uniquely identifies this flow component.
Required
Connection timeout
The timeout (in milliseconds) until a connection is established. A value of 0 means never time out.
Default is 60000 (1 minute).
Read timeout
The socket read timeout (in milliseconds) for the underlying HttpClient. A value of 0 means never time out.
Default is 60000 (1 minute).
Max total connections
The maximum number of connections allowed for the underlying HttpClient.
Auth scope
The authentication scope to be used. Only used when the credentials property has been set.
Default is ANY.