axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ben Ethridge" <bethri...@UpToDate.com>
Subject RE: https <---> web service
Date Wed, 21 Jun 2006 17:17:44 GMT
This is quite involved, and was a bit tough to set up, as it doesn't
seem to be well-documented as to what's actually required and what
isn't...or maybe there are just so many different ways to do it that
it's hard to see the forest for the trees. In any case, a good place to
start is here:

 

http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html

 

...as background and then his pointer to the sample chapter up at the
top (since he obsoleted the orig write-up).

 

In order to create a decent CA (certificate authority), instead of using
the above, I had to refer to Kent Tong's "Developing Web Services with
Apache Axis" online book.  He shows a better way to set up a test CA.

 

There are many pitfalls for the uninitiated, but the key points for
getting this to work with Tomcat (for me, at least) were:

 

(1)     Create CA-signed certificates in BOTH a client and the server
keystore (to make it real-world).

(2)     In the server certificate, make the CN (distinguished name?
canonical name?) be the name of your host (localhost or whatever your
host's IP name is).

(3)     Change your wsdl to use https and the ssl port and regenerate
the code (using wsdl2java). Ex:
https://localhost:8443/myWS/services/MySOAPBindingPort

(4)     Do not start TcpMon. (There's probably a way to set him up, but
I don't see it yet.)

(5)     Edit the tomcat server.xml, to use the ssl Connector. Install
your server keystore info in it. If you used a password other than the
"changeit" password that tomcat expects, put that in the Connector xml
also.

 

As shown in the doc link above, in java (and Eclipse Debug window), add
the following to the JVM arguments for the client-side run:

 

-Djavax.net.ssl.keyStore=c:\ssl_client\client.ks

-Djavax.net.ssl.keyStoreType=JKS

-Djavax.net.ssl.keyStorePassword=client-pass

-Djavax.net.ssl.trustStore=c:\ssl_client\client.ks

-Djavax.net.ssl.trustStoreType=JKS

 

If someone knows where there is better documentation on the above, I
would appreciate knowing.

 

Ben

 

  _____  

From: Shuaibin Wang [mailto:shuaibin.wang@net-m.de] 
Sent: Wednesday, June 21, 2006 10:48 AM
To: axis-user@ws.apache.org
Subject: https <---> web service

 

Hi, I need to access a rpc web service with https.

 

But the code I generated from wsdl file is for http , could any on tell
me how can I change the generated client code to send https

requests  ?

 

many thanks .

 

SWang

This e-mail message may contain confidential and/or privileged information. If you are 
not an addressee or otherwise authorized to receive this message, you should not use, 
copy, disclose or take any action based on this e-mail or any information contained in the

message. If you have received this material in error, please advise the sender immediately

by reply e-mail and delete this message. 

Thank you.

Mime
View raw message