Adding SSL to Tomcat 6.0 Axis2 web service and client

If you want to add SSL to your web service (on Windows), follow these steps:

1. Create a self-signed certificate on the server side using the keytool utility found in the bin directory of your Java (JDK) installation.

keytool -genkey -alias tomcatWSServer -keyalg RSA

This command prompts for the certificate details and creates a new file named .keystore in the user's home directory. You can move it to your desired location.
a. When keytool asks for your first and last name, do not enter a person's name; enter the hostname of the server on which Tomcat is running. This value becomes the certificate's common name (CN), and clients validating the certificate compare the name of the server they connected to with the name in the certificate to verify its authenticity.
b. This also assures clients that the response is coming from the same server as named in the certificate, which protects against phishing and similar threats.
c. Use the same password for the certificate (key) and the keystore.

2. Enable the HTTPS connector in Tomcat's conf/server.xml as shown below. In the default server.xml the connector is wrapped in a comment; remove the comment markers so that it becomes active.
Please note that I have moved the .keystore file under my JDK folder into a directory named "keystore", so keystoreFile points there instead of the default ${user.home}/.keystore.

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:\Program Files\Java\jdk1.6.0_24\keystore\.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

3. Export the self-signed certificate that you created in step 1, so that it can be distributed to the clients.
Command for export (the keystore path contains spaces, so it must be quoted):
keytool -export -alias tomcatWSServer -storepass changeit -file server.cer -keystore "C:\Program Files\Java\jdk1.6.0_24\keystore\.keystore"

This command writes the certificate to a file named server.cer. It contains only the public certificate, not the private key, so it can be distributed to all clients that intend to consume the web service.

4. On the client side, you will have to import this certificate into the truststore, i.e. the CA certificate keystore of the client's JRE, typically located here:
C:\Program Files\Java\jdk1.6.0_24\jre\lib\security\cacerts

Please note that you have to use the cacerts file of the JRE that actually runs your client application, not necessarily the one on the PATH.

You can use the following command to import the certificate into your client's CA keystore (the default password of cacerts is changeit; the -keystore argument must name the cacerts file itself, not just its directory):
keytool -import -v -trustcacerts -alias tomcatWSServer -file "C:\MyProjects\Web Service\server.cer" -keystore C:\Progra~1\Java\jdk1.6.0_24\jre\lib\security\cacerts -storepass changeit

You can also import it with a GUI utility such as KeyStore Explorer.

5. Your client should now be able to complete the SSL handshake and invoke the web service operations over https://<server-name>:8443/.
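The following is an added example, not code from the original post. It shows what the client-side steps amount to in Java: the exported server.cer is loaded into a dedicated in-memory truststore (the equivalent of the keytool -import above, but without modifying the JRE's cacerts), an SSLContext is built from it, and a test connection is made to the service so you can see the two failure modes that matter here: the certificate not being trusted, and the hostname in the URL not matching the CN entered in step 1. The hostname wsserver.example.local and the Axis2 Version service URL are assumptions; replace them with your own server name and service.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example (not from the original post): trust the exported server.cer
 * from a dedicated truststore and check the handshake against the Tomcat
 * HTTPS connector, without touching the JRE's cacerts file.
 */
public class TrustStoreCheck {

    /** Load server.cer (as produced by "keytool -export") into an in-memory truststore. */
    static KeyStore trustStoreFromCer(String cerPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream in = new FileInputStream(cerPath);
        X509Certificate serverCert;
        try {
            serverCert = (X509Certificate) cf.generateCertificate(in);
        } finally {
            in.close();
        }
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);                                   // start from an empty keystore
        ts.setCertificateEntry("tomcatWSServer", serverCert);  // same alias as used on the server
        return ts;
    }

    /** Build an SSLContext whose trust manager accepts only certificates in the given truststore. */
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /**
     * Connect to the service URL and report the outcome. The default hostname
     * verifier of HttpsURLConnection is left in place, so a certificate whose CN
     * does not match the host in the URL is rejected even if it is in the truststore.
     */
    static String checkHandshake(String serviceUrl, SSLContext ctx) {
        try {
            HttpsURLConnection conn = (HttpsURLConnection) new URL(serviceUrl).openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            conn.connect();
            X509Certificate peer = (X509Certificate) conn.getServerCertificates()[0];
            String subject = peer.getSubjectX500Principal().getName();
            conn.disconnect();
            return "OK: handshake succeeded, server certificate subject " + subject;
        } catch (SSLHandshakeException e) {
            // Typically "PKIX path building failed": server.cer is not in the truststore.
            return "UNTRUSTED: " + e.getMessage();
        } catch (IOException e) {
            // Typically "HTTPS hostname wrong: should be <host>": CN does not match the URL host.
            return "FAILED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults; pass the real path to server.cer and the hostname used as CN in step 1.
        String cerPath = args.length > 0 ? args[0] : "server.cer";
        String serviceUrl = args.length > 1 ? args[1]
            : "https://wsserver.example.local:8443/axis2/services/Version?wsdl";
        SSLContext ctx = contextFor(trustStoreFromCer(cerPath));
        System.out.println(checkHandshake(serviceUrl, ctx));
    }
}
```

If you prefer not to embed this in the Axis2 client, the same effect is obtained by importing server.cer into a separate file (for example client.jks) and starting the client JVM with -Djavax.net.ssl.trustStore=client.jks -Djavax.net.ssl.trustStorePassword=changeit; the JRE's cacerts then stays untouched, which makes the trust decision explicit and easy to revoke when the server certificate is replaced.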
