[axis2] Need help with HTTPS

2009-11-19 Thread Vadim Letitchevski
I am trying to figure out how to use HTTPS with Apache2-1.5.
First of all, I have used the binary distribution and do not know if it supports 
SSL.
Second: I have jdk1.6 build 17, and the document 
http://hc.apache.org/httpclient-3.x/sslguide.html says that it should have 
the proper JSSE support already. I do not know, however, if it uses the same 
certificate and keys as openssl.
I assumed that (after I have run axis2server.sh) I should be able to access 
https://localhost:8080 - failed, while http://localhost:8080 works fine.
Tried https://localhost:443 - failed.
Tried to modify axis2.xml to have

    <transportReceiver name="https"
        class="org.apache.axis2.transport.http.SimpleHTTPServer">
        <parameter name="port">8080</parameter>
    </transportReceiver>

It did not help either.

How to setup SSL with apache? Help!!!

OpenSSL seems to be working. At least with self-certification and openssl 
client and server test.

Thanks
Vadim.




From: Martin Gainty [mailto:mgai...@hotmail.com]
Sent: Wednesday, August 12, 2009 8:01 AM
To: axis-user@ws.apache.org
Subject: RE: error sending S/MIME

Illegal interception and manipulation costs businesses millions of dollars in 
lost revenue here

AXIS Security is handled by Rampart
Rampart doc states these steps for implementing BC

1.) Download bouncycastle according to your java version. You can download
bouncycastle from the following link.
http://www.bouncycastle.org/latest_releases.html
2.) Add the bcprov-jdkXX-139.jar to your service's / client's classpath.
3.) Add the following line to java.security file which can be found in JRE's
lib/security directory as the last line.
security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider

Before you try any of the samples make sure you

1.) Have the Axis2 standard binary distribution downloaded and extracted.
2.) Set the AXIS2_HOME environment variable
3.) Run ant from the samples directory to copy the required libraries and
modules to relevant directories in AXIS2_HOME.

add both rahas-1.4.mar and rampart-1.4.mar modules to 
/WEB-INF/modules/modules.list
rahas-1.4.mar
rampart-1.4.mar

/WEB-INF/conf/axis2.xml would contain this global reference
    <module ref="rampart"/>

then configure inflow and outflow security parameters e.g:
    <module ref="rampart" />

    <!-- sample-10 : MTOM optimize encrypted content -->

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <user>client</user>

        <!-- your customised Callback Handler class goes here -->
        <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>client.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
        <encryptionUser>service</encryptionUser>
      </action>
    </parameter>

    <parameter name="InflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>

        <!-- your customised Callback Handler class goes here -->
        <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
        <signaturePropFile>client.properties</signaturePropFile>
      </action>
    </parameter>

client.properties would contain:
org.apache.ws.security.crypto.provider=org.bouncycastle.jce.provider.BouncyCastleProvider
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=PasswordUsedTOCreateKeyStoreFile.jks
org.apache.ws.security.crypto.merlin.file=client.jks

Martin Gainty





 Date: Wed, 12 Aug 2009 15:31:39 +0200
 From: tomaz.majerh...@arnes.si
 To: axis-user@ws.apache.org
 Subject: error sending S/MIME

 Env:
 OS: Win XP
 Tomcat: 6.0.18
 java: 1.6.0_10-b33
 axis2: 1.4.1


 I have tomcat web application which use crypto and bouncy castle for signing 
 the mail and it work well.

 But when I'm using same class in my soap 

Re: [axis2] Need help with HTTPS

2009-11-19 Thread Amila Suriarachchi
On Fri, Nov 20, 2009 at 7:08 AM, Vadim Letitchevski
<vletitchev...@teledyne.com> wrote:

> I am trying to figure out how to use HTTPS with Apache2-1.5.
> First of all, I have used the binary distribution and do not know if it
> supports SSL.
> Second: I have jdk1.6 build 17, and the document
> http://hc.apache.org/httpclient-3.x/sslguide.html says that it should
> have the proper JSSE support already. I do not know, however, if it uses
> the same certificate and keys as openssl.
> I assumed that (after I have run axis2server.sh) I should be able to access
> https://localhost:8080 - failed, while http://localhost:8080 works fine.
> Tried https://localhost:443 - failed.
> Tried to modify axis2.xml to have
>
>     <transportReceiver name="https"
>         class="org.apache.axis2.transport.http.SimpleHTTPServer">
>         <parameter name="port">8080</parameter>
>     </transportReceiver>


Try to deploy the axis2.war in Tomcat (or any other application server), and
configure HTTPS as given in the Tomcat documentation. Then you will be able to
expose your services through HTTPS.

thanks,
Amila.


> It did not help either.
>
> How to setup SSL with apache? Help!!!
>
> OpenSSL seems to be working. At least with self-certification and openssl
> client and server test.
>
> Thanks
> Vadim.


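
The Tomcat HTTPS setup this reply points to, as an added example (not part of the original messages and not the Axis2 or Tomcat project's own file): a server.xml connector in the Tomcat 6 JSSE style that reuses an existing OpenSSL key and certificate. The file names, the alias and the password are placeholders.

```xml
<!-- Added example, not from the thread.
     Placeholders: key.pem, cert.pem, axis2-tls.p12, CHANGE_ME, alias "tomcat".

     JSSE does not read OpenSSL PEM files directly. Package the existing
     OpenSSL private key and certificate as a PKCS#12 keystore first:

       openssl pkcs12 -export -inkey key.pem -in cert.pem \
               -name tomcat -out axis2-tls.p12

     and copy axis2-tls.p12 into Tomcat's conf directory, readable only by
     the account that runs Tomcat.
-->

<!-- Inside <Service name="Catalina"> in conf/server.xml -->

<!-- Plain HTTP connector; redirectPort sends requests that require a
     confidential transport to the TLS connector below. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"/>

<!-- TLS connector (JSSE). keystoreType tells JSSE the file is PKCS#12
     rather than the default JKS, so no keytool import is needed. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${catalina.base}/conf/axis2-tls.p12"
           keystoreType="PKCS12"
           keystorePass="CHANGE_ME"/>
```

Assuming axis2.war is deployed under its default context, the services are then reachable under https://localhost:8443/axis2/services/. With a self-signed certificate, each client has to be given that certificate as a trust anchor rather than having verification switched off.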