From: "Ben Ethridge"
Reply-To: axis-user@ws.apache.org
Subject: RE: https <---> web service
Date: Wed, 21 Jun 2006 13:17:44 -0400

This is quite involved, and was a bit tough to set up, as it doesn't seem to be well-documented as to what's actually required and what isn't...or maybe there are just so many different ways to do it that it's hard to see the forest for the trees. In any case, a good place to start is here:

http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html

...as background and then his pointer to the sample chapter up at the top (since he obsoleted the orig write-up).

In order to create a decent CA (certificate authority), instead of using the above, I had to refer to Kent Tong's "Developing Web Services with Apache Axis" online book. He shows a better way to set up a test CA.

There are many pitfalls for the uninitiated, but the key points for getting this to work with Tomcat (for me, at least) were:

(1) Create CA-signed certificates in BOTH a client and the server keystore (to make it real-world).
(2) In the server certificate, make the CN (distinguished name? canonical name?) be the name of your host (localhost or whatever your host's IP name is).
(3) Change your wsdl to use https and the ssl port and regenerate the code (using wsdl2java). Ex: https://localhost:8443/myWS/services/MySOAPBindingPort
(4) Do not start TcpMon. (There's probably a way to set him up, but I don't see it yet.)
(5) Edit the tomcat server.xml, to use the ssl Connector. Install your server keystore info in it. If you used a password other than the "changeit" password that tomcat expects, put that in the Connector xml also.

As shown in the doc link above, in java (and Eclipse Debug window), add the following to the JVM arguments for the client-side run:

    -Djavax.net.ssl.keyStore=c:\ssl_client\client.ks
    -Djavax.net.ssl.keyStoreType=JKS
    -Djavax.net.ssl.keyStorePassword=client-pass
    -Djavax.net.ssl.trustStore=c:\ssl_client\client.ks
    -Djavax.net.ssl.trustStoreType=JKS

If someone knows where there is better documentation on the above, I would appreciate knowing.

Ben

_____

From: Shuaibin Wang [mailto:shuaibin.wang@net-m.de]
Sent: Wednesday, June 21, 2006 10:48 AM
To: axis-user@ws.apache.org
Subject: https <---> web service

Hi, I need to access a rpc web service with https.

But the code I generated from wsdl file is for http, could anyone tell me how can I change the generated client code to send https requests?

Many thanks.

SWang

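Steps (1) and (2) of the reply above, as an added example that is not part of the original message: a throwaway test CA that signs a server certificate for the host name and a client certificate, with checks that each chains to the CA and that the server certificate matches the host. It assumes the openssl command line, which the post does not name; every file name and subject is constructed.

```shell
#!/bin/sh
# Added example (not from the post): throwaway test CA for steps (1) and (2).
# Every file name and subject here is constructed for illustration.

# make_test_pki DIR HOST: create a test CA, then a server certificate for
# HOST and a client certificate, both signed by that CA.
make_test_pki() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
        > "$dir/req.cnf"
    openssl req -x509 -config "$dir/req.cnf" -newkey rsa:2048 -nodes \
        -days 30 -subj "/CN=Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    for who in server client; do
        if [ "$who" = server ]; then cn=$host; else cn=test-client; fi
        openssl req -new -config "$dir/req.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=$cn" \
            -keyout "$dir/$who.key" -out "$dir/$who.csr" 2>/dev/null || return 1
        # Current TLS clients match subjectAltName; the CN is set as in step (2).
        printf 'subjectAltName=DNS:%s\n' "$cn" > "$dir/$who.ext"
        openssl x509 -req -in "$dir/$who.csr" -CA "$dir/ca.pem" \
            -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
            -extfile "$dir/$who.ext" -out "$dir/$who.pem" 2>/dev/null || return 1
    done
}

# chains_to_ca DIR CERT: succeed only if CERT verifies against the test CA.
chains_to_ca() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2" 2>&1 | grep -q ': OK$'
}

# matches_host DIR HOST: succeed only if server.pem is valid for HOST,
# the same comparison an https client makes against the URL in step (3).
matches_host() {
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" \
        "$1/server.pem" 2>&1 | grep -q ': OK$'
}
```

To get these into the JKS keystores the reply refers to, each key and certificate can be bundled with `openssl pkcs12 -export` and imported with `keytool -importkeystore`; the CA certificate goes into the trust store with `keytool -importcert`.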