Re: https <---> web service

[Shuaibin Wang]

Hi thanks a lot Ben ! I will try your tip right way.   BR.   shuaibin   ----- Original Message ----- From: Ben Ethridge To: axis-user@ws.apache.org Sent: Wednesday, June 21, 2006 7:17 PM Subject: RE: https <---> web service This is quite involved, and was a bit tough to set up, as it doesn’t seem to be well-documented as to what’s actually required and what isn’t...or maybe there are just so many different ways to do it that it’s hard to see the forest for the trees. In any case, a good place to start is here:   http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html   ...as background and then his pointer to the sample chapter up at the top (since he obsoleted the orig write-up).   In order to create a decent CA (certificate authority), instead of using the above, I had to refer to Kent Tong’s “Developing Web Services with Apache Axis” online book.  He shows a better way to set up a test CA.   There are many pitfalls for the uninitiated, but the key points for getting this to work with Tomcat (for me, at least) were:   (1)     Create CA-signed certificates in BOTH a client and the server keystore (to make it real-world). (2)     In the server certificate, make the CN (distinguished name? canonical name?) be the name of your host (localhost or whatever your host’s IP name is). (3)     Change your wsdl to use https and the ssl port and regenerate the code (using wsdl2java). Ex: https://localhost:8443/myWS/services/MySOAPBindingPort (4)     Do not start TcpMon. (There’s probably a way to set him up, but I don’t see it yet.) (5)     Edit the tomcat server.xml, to use the ssl Connector. Install your server keystore info in it. If you used a password other than the “changeit” password that tomcat expects, put that in the Connector xml also.   As shown in the doc link above, in java (and Eclipse Debug window), add the following to the JVM arguments for the client-side run:   -Djavax.net.ssl.keyStore=c:\ssl_client\client.ks -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyStorePassword=client-pass -Djavax.net.ssl.trustStore=c:\ssl_client\client.ks -Djavax.net.ssl.trustStoreType=JKS   If someone knows where there is better documentation on the above, I would appreciate knowing.   Ben   From: Shuaibin Wang [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 21, 2006 10:48 AM To: axis-user@ws.apache.org Subject: https <---> web service   Hi, I need to access a rpc web service with https.   But the code I generated from wsdl file is for http , could any on tell me how can I change the generated client code to send https requests  ?   many thanks .   SWang This e-mail message may contain confidential and/or privileged information. If you are not an addressee or otherwise authorized to receive this message, you should not use, copy, disclose or take any action based on this e-mail or any information contained in the message. If you have received this material in error, please advise the sender immediately by reply e-mail and delete this message. Thank you.