Introduction
Securing your services on IBM DataPower begins with enabling HTTPS. This guide provides step-by-step instructions for configuring HTTPS and securing your APIs/services with SSL/TLS encryption. It covers setting up key pairs, certificates, identification credentials, a TLS server profile, and an HTTPS front-side handler.

Step 1: Create a New Key Pair and Certificate

  1. Search for Crypto Tools in the search bar.
  2. Fill in the details, select the relevant radio buttons as shown in the configuration settings, and click Generate Key.
Crypto Tools

Keys and Certificate Generated

Take note of the newly created Crypto key object and Crypto Certificate object, both named example.com. These objects are automatically generated because the Generate key and certificate objects radio button is enabled. These new objects will be utilized in the next step.

Step 2: Create an Identification Credential

  1. Search for Identification Credentials.
  2. Click Add and enter a name.
  3. Select the Crypto Key and Crypto Certificate objects created in Step 1.
  4. Apply the configuration.
Identification Credentials Generation

Step 3: Create a TLS Server Profile

  1. Search for TLS Server Profile.
  2. Click Add, enter a name, and select the Identification Credential created in Step 2.
  3. Apply the settings.
TLS Server Profile

Step 4: Create an HTTPS Handler

  1. Search for HTTPS Handler.
  2. Click Add and enter a name.
  3. Enter the desired port to serve HTTPS traffic.
  4. Select the TLS Server Profile created in Step 3.
  5. Save and apply the settings.
HTTPS Front Side Handler

Step 5: Attach the HTTPS Handler to a Multiprotocol Gateway (MPGW)

  1. Navigate to your desired Multiprotocol Gateway (MPGW). Need help creating an MPGW? This post walks you through the process.
  2. Attach the newly created HTTPS Front-Side Handler.
  3. Save and apply the configuration.
Multi Protocol Gateway

Step 6: Test the Service

  1. Use a tool like Postman to send an HTTPS request to your service.
  2. Validate that the request is served over HTTPS.
Test the HTTPS with MPGW

Check the certificate status; Postman will mark it as a self-signed certificate since it is not signed by a well-known Certificate Authority (CA).

SSL certificate Verification
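
The check in Step 6 can also be scripted. The following is an added example, not part of the original guide or IBM's tooling: shell functions that use the openssl CLI to fetch the certificate the handler presents, decide whether it is self-signed, and check its remaining validity. The function names are hypothetical, and make_sample_cert builds a constructed self-signed example.com certificate so the checks can be tried offline.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not DataPower or IBM tooling.
# Typical use against the handler from Step 4 (host and port are yours to fill in):
#   fetch_cert <host> <port> served.pem && report served.pem

# Save the leaf certificate presented by host $1 on port $2 as PEM in file $3.
fetch_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM -out "$3"
}

# Return 0 if certificate file $1 is self-signed: issuer equals subject and
# OpenSSL accepts the certificate with only itself as the trust anchor.
is_self_signed() {
  ss_subject="$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//')"
  ss_issuer="$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')"
  [ "$ss_subject" = "$ss_issuer" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Return 0 if certificate file $1 will still be valid $2 days from now.
valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Print subject, issuer, expiry date and a trust classification for file $1.
report() {
  openssl x509 -in "$1" -noout -subject -issuer -enddate
  if is_self_signed "$1"; then
    echo "trust: self-signed, clients will warn unless they pin or import it"
  else
    echo "trust: issued by a separate CA"
  fi
  valid_for_days "$1" 30 || echo "warning: expires within 30 days"
}

# Constructed sample: a 30-day self-signed certificate for example.com, standing
# in for the one Crypto Tools generates in Step 1. Writes key.pem and cert.pem to dir $1.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.com" \
    -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}
```

After the self-signed certificate is replaced with a CA-issued one, report should switch to "issued by a separate CA" for the same handler.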

Conclusion

By following these steps, you have successfully enabled HTTPS on your DataPower Gateway Service. To avoid browser and client security warnings, consider obtaining a certificate from a trusted CA like DigiCert.