The HTTP adapter supports connecting to the server through HTTPS. By connecting through HTTPS, you encrypt the user name and the password required for authentication, thereby reducing the risk of interception by a third party.
(a) HTTPS related settings
The following table lists the items that are set as HTTPS related information:
Table I-1 HTTPS related settings
| Items | Settings |
|---|---|
| Use of HTTPS | Specifies "https" in the scheme of the URI when using HTTPS. |
| Security communication protocol to be used when using HTTPS | The most appropriate protocol is set automatically from among TLS1.0, SSL3.0 and other protocols that can be used. |
| Server authentication | You can set whether to perform server authentication with the adphttp.protocol.https-server-authentication property of the HTTP-adapter definition file. When you perform server authentication (default): checks whether the public key certificate of the connection destination HTTP server can be trusted, and executes the process only if the certificate can be trusted. When you do not perform server authentication: executes the process without checking whether the public key certificate of the connection destination HTTP server can be trusted. |
| Host name validation | You can set whether to perform host name validation with the adphttp.protocol.https-hostname-verification property of the HTTP-adapter definition file. When you perform host name validation (default): checks whether the host name in the certificate matches the host name of the destination URI, and then executes the process. When you do not perform host name validation: executes the process without checking whether the host name in the certificate matches the host name of the destination URI. |

For details on the HTTP-adapter definition file, see HTTP-adapter definition file in the manual Service Platform Reference Guide.
Note: In the HTTP adapter, you cannot connect to an HTTPS server that requires client authentication.
(b) Key store related settings
When you use HTTPS or when you perform server authentication in the HTTP adapter, a key store that stores the certificate that you can trust (trust store) is required.
Any of the following certificates must be stored in the trust store:
- Public key certificate of the connection destination HTTP server
- If the above-mentioned certificate is issued by a CA, the certificate of the CA that issued it
- If the above-mentioned CA is an intermediate CA, the CA certificate corresponding to any CA from the intermediate CA up to the root CA

For the method to import certificates to the key store, see the "keytool" related part in the JDK document.
The method to set the keystore path and password is as follows:
- Keystore path
  When you perform server authentication, the HTTP adapter searches for the keystore in the following order, and performs server authentication by using the trust store that is detected first:
  1. If the javax.net.ssl.trustStore property of usrconf.properties (user property file of the J2EE server) is specified, uses the key store that exists at the path specified in this system property.
  2. If a file exists at the following path, uses this file as the keystore:
     <Installation directory of service platform>\jdk\jre\lib\security\jssecacerts
  3. If a file exists at the following path, uses this file as the keystore:
     <Installation directory of service platform>\jdk\jre\lib\security\cacerts
  4. If none of the above applies, the server is determined to be a server that cannot be trusted.
- Keystore password
  - If the password of the keystore is specified in the javax.net.ssl.trustStorePassword property of usrconf.properties (user property file of the J2EE server), the integrity of the keystore data is checked before the keystore is used.
  - If the javax.net.ssl.trustStorePassword property is not specified, the integrity check of the keystore data is not performed.
For details on usrconf.properties (user property file for the J2EE server), see 2.4 usrconf.properties (user property file for J2EE server) in the manual Application Server Definition Reference Guide.
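To audit which trust store the search order above selects and which certificates it trusts, the following added example (not code from this manual or the product) resolves the path in the documented order and lists the entries. The class name TrustStoreAudit, taking the installation directory as the first argument, and passing the two javax.net.ssl properties as -D options with the same values as in usrconf.properties are assumptions of the example.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TrustStoreAudit {
    // Mirrors the documented search order. Returns null when no candidate
    // exists (the adapter then treats the server as untrusted).
    static Path resolve(String trustStoreProp, Path installDir) {
        if (trustStoreProp != null && !trustStoreProp.isEmpty()) {
            return Paths.get(trustStoreProp); // step 1: property wins, no fallback
        }
        Path security = installDir.resolve(Paths.get("jdk", "jre", "lib", "security"));
        for (String name : new String[] {"jssecacerts", "cacerts"}) { // steps 2 and 3
            Path candidate = security.resolve(name);
            if (Files.isRegularFile(candidate)) return candidate;
        }
        return null; // step 4
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the service platform installation directory.
        Path installDir = Paths.get(args.length > 0 ? args[0] : ".");
        Path store = resolve(System.getProperty("javax.net.ssl.trustStore"), installDir);
        if (store == null) {
            System.out.println("No trust store found: every server would be untrusted");
            return;
        }
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        // With a null password, KeyStore.load skips the integrity check.
        char[] password = (pw == null) ? null : pw.toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(store)) {
            ks.load(in, password); // throws if the file is missing or tampered with
        }
        System.out.println("Trust store: " + store + " (integrity checked: " + (password != null) + ")");
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.println(alias + " | " + x.getSubjectX500Principal().getName()
                        + " | expires " + x.getNotAfter());
            }
        }
    }
}
```

Every alias printed is a certificate the HTTP adapter will accept as a trust anchor during server authentication, so unexpected or expired entries are worth removing with keytool.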
All Rights Reserved. Copyright (C) 2015, Hitachi, Ltd.