Security

This section discusses security considerations for orchestrations.

To call a service using HTTPS from an orchestration workflow, you must establish trust by importing the SSL certificate that the service uses. This also applies to REST services called via the RESTCaller.

To execute an external Web service call from SBM using SSL, the SBM certificate truststore must contain the external service's public certificate. If the certificate does not already exist in the truststore, you must import the service's public certificate into either the Windows or Tomcat truststore, depending on which SBM component performs the call.

For example, if the external Web service call is invoked from a workflow transition, you must add the public certificate to the Windows truststore in the IIS tab on the IIS server. This ensures that SBM Application Engine calls are trusted by the external service. Similarly, you must add the public certificate to the Tomcat truststore to ensure that SBM Orchestration Engine calls are trusted by the external service. For example, if you create an SBM orchestration that contains an external Web service call that is secured by SSL, the public certificate for that service must be added to the Tomcat truststore.

Consult your SBM administrator, and use the Manage Trusted Certificates option in SBM Configurator (SBM On-Premise only) to import the service's public certificate into the JVM truststore. The truststore may already contain some public certificates, but if you create your own certificates or use certificates that are newer than those in the truststore, the truststore must be updated to successfully complete calls over HTTPS.