Hi Vibhor,

On 4/28/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:


Hi Ruchith
     We are deploying the web services solution created by Axis2 1.1.1 and
security using rampart 1.1.

The deployment comprises the Apache Web server which receives the HTTP
requests and then routes the requests to the Jboss Application server, where
axis2 web application along with the services are deployed.

I want to have encryption and digital signature in place using rampart. I
have tested the application with the sample certificates in the development
environment and it works fine. The questions are pertaining to the
production deployment.

a) Do I need to have the certificates key store (signed server certificate, CA
self signed certificate) maintained at the
    Apache web server?  I guess this would be required in case I want to
have transport layer security enabled, right?

Yes, you will need to have the keystore in the Apache web server
only if you use transport layer security: HTTPS


b) Since rampart would reside at the Jboss server I would need the keystore
at Jboss server also, right? This will be required for handling
    the encrypted and digitally signed SOAP messages. This keystore would
have the private keys of the server, CA self signed certificate, and the
    signed certificate of the server by the CA.

For rampart's configuration it doesn't matter where you store the
keystore! You simply have to provide the path (relative or absolute)
to the keystore in rampart configuration.


c) I hope the Apache web server does not create issues with the encrypted
soap request coming in when the transport layer security is also
    enabled. It must let it pass through to Jboss as is.

Yes


d) If rampart is enabled for the web services and the axis2 engine is
enabled/configured for REST based services too, would Axis2 engine
    expect encrypted and digitally signed messages when the consumer sends a
POST request?

Yes! Therefore when you enable rampart on a service that service will
not be accessible via REST/POST.

HTH and apologies about the late response!

Thanks,
Ruchith


It is a long mail but will help us in the deployment of the web services in
the production environment.

Thanks
Vibhor


--
www.ruchith.org
www.wso2.org
