Hi,

I developed a web service using jax-ws and configured Tomcat to support SSL connection. Here are my steps:

****** Step 1 - Generate a self-signed server certificate

Use JDK 1.7 keytool:

keytool -genkey -alias trackerdev -keypass changeit -storepass changeit -keystore D:\Tomcat7\htdkeystore\trackerdev.ks -ext san=ip:xx.x.x.xxx

Is CN=xx.x.x.xxx, OU=it, O=companynamehere, L=citynamehere, ST=provincenamehere, C=ca correct?
  [no]:  yes

****** Step 2 – Configure Tomcat to support SSL connection

On the dev server:

Modify TOMCAT_HOME\conf\server.xml by adding the following block where keystoreFile and keystorePass are set to values from the previous step:

<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="htdkeystore/trackerdev.ks" keystorePass="changeit" />

****** Step 3 - Export the generated server certificate to a certificate file

On the dev server:

keytool -export -alias trackerdev -storepass changeit -file D:\Tomcat7\htdkeystore\serverdev.cer -keystore D:\Tomcat7\htdkeystore\trackerdev.ks

****** Step 4 - Import the server certificate into the truststore file (Open an administrator cmd window and hit Shift, Ctrl, Enter)

Copy serverdev.cer from the dev server and on the local machine:

keytool -import -v -trustcacerts -alias trackerdev -file C:\fromdevserver\serverdev.cer -keystore "C:\Program Files\Java\jdk1.7.0_51\jre\lib\security\cacerts" -keypass changeit -storepass changeit

Trust this certificate? [no]:  yes

****** Step 5 – Modify the webapp's web.xml

Add the following:
    <listener>
        <listener-class>
            com.sun.xml.ws.transport.http.servlet.WSServletContextListener
        </listener-class>
    </listener>
    <servlet>
        <servlet-name>tracker</servlet-name>
        <servlet-class>
            com.sun.xml.ws.transport.http.servlet.WSServlet
        </servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>tracker</servlet-name>
        <url-pattern>/tracker</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>securedapp</web-resource-name>
            <url-pattern>/tracker</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

****** MY QUESTION IS THIS:

I tested the web service using https and it worked for me. I provided another team with my server certificate so that they could add it to their truststore file, but I have no idea if they did or not. All I know is that they got an error loading the wsdl. The exception they got was:

Error loading [https://xx.x.x.xxx:8444/appname/tracker?wsdl]
org.apache.xmlbeans.XmlException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

They claim that the certificate is not properly signed. Well, I don't know. It is a self-signed certificate.

Any ideas would help!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
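To check whether a client's truststore really contains the certificate, here is an added diagnostic (an example written for this thread, not code from the message above or from Tomcat/JAX-WS): it loads a truststore and the exported .cer file and runs the same PKIX trust check a JSSE client performs during the handshake, so a "NOT TRUSTED" result reproduces the other team's "PKIX path building failed". The class name TrustCheck is hypothetical; the truststore, password and .cer paths are the ones produced by the steps above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Offline trust check: does <truststore> accept <server.cer> the way a JSSE client would?
// usage: java TrustCheck <truststore> <storepass> <server.cer>   (TrustCheck is a hypothetical name)
public class TrustCheck {
    // Returns true when the PKIX trust manager built from the truststore accepts the chain.
    static boolean isTrusted(KeyStore trust, X509Certificate server) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); // "PKIX"
        tmf.init(trust);
        for (TrustManager t : tmf.getTrustManagers()) {
            if (!(t instanceof X509TrustManager)) continue;
            try {
                // A self-signed server sends a one-element chain; "RSA" is the TLS authType label.
                ((X509TrustManager) t).checkServerTrusted(new X509Certificate[] { server }, "RSA");
                return true;
            } catch (CertificateException e) {
                // Same failure the other team saw: "PKIX path building failed ..."
                System.out.println("NOT TRUSTED: " + e.getMessage());
                return false;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java TrustCheck <truststore> <storepass> <server.cer>"); System.exit(2);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        X509Certificate server;
        try (InputStream in = new FileInputStream(args[2])) {
            server = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject: " + server.getSubjectX500Principal());
        System.out.println("SAN:     " + server.getSubjectAlternativeNames()); // must list the IP clients use
        System.exit(isTrusted(trust, server) ? 0 : 1);
    }
}
```

Run it against the cacerts of the JDK the other team's client actually uses; a trusted certificate can still fail hostname verification if the IP they connect to is not in the SAN printed here.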