| This module tests web service communications running over HTTPS. In this embedded |
| test environment HTTPS is configured by adding the confidentiality intent to both |
| the reference and the service, and by supplying reference-side and service-side |
| policy sets that configure the web service binding to enable SSL. |
| |
| When running the web service binding in a container that is itself configured |
| to provide SSL support, these policy sets are not required. TODO: can they themselves |
| detect that they are not required? |
| |
| The SSL configuration depends on public/private key pairs and a keystore. This is how |
| they are organized and generated: |
| |
| |
| Generate Private/Public keys into a keystore for use at the server |
| ------------------------------------------------------------------ |
| |
| keytool -genkey -keyalg RSA -sigalg MD5withRSA -keysize 1024 -alias TuscanyUser -dname "CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, S=Hampshire, C=UK" -storetype JKS -keystore tuscany.jks -validity 9999 -keypass tuscany -storepass tuscany |
| |
| View the contents of the resulting keystore |
| ------------------------------------------- |
| |
| keytool -list -v -keystore tuscany.jks -storepass tuscany |
| |
| Keystore type: JKS |
| Keystore provider: SUN |
| |
| Your keystore contains 1 entry |
| |
| Alias name: tuscanyuser |
| Creation date: 26-Feb-2010 |
| Entry type: PrivateKeyEntry |
| Certificate chain length: 1 |
| Certificate[1]: |
| Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK |
| Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK |
| Serial number: 4b87b4d7 |
| Valid from: Fri Feb 26 11:47:35 GMT 2010 until: Mon Jul 13 12:47:35 BST 2037 |
| Certificate fingerprints: |
| MD5: C3:0C:D6:DF:F6:27:26:47:AD:41:44:CA:D7:98:FA:41 |
| SHA1: 2E:82:AD:F6:54:E0:C6:A5:47:5C:8C:9F:3B:5A:65:8E:F9:5A:40:07 |
| Signature algorithm name: MD5withRSA |
| Version: 3 |
| |
| |
| IN THIS EMBEDDED TEST THE FOLLOWING ARE NOT REQUIRED AS BOTH REFERENCE AND SERVICES |
| ARE RUNNING IN THE SAME JVM AND HAVE ACCESS TO THE SERVICE SIDE KEY STORE |
| |
| Generate the client side certificate |
| ------------------------------------ |
| |
| keytool -export -alias TuscanyUser -file tuscany.cer -keystore tuscany.jks -storepass tuscany |
| |
| Print the contents of the generated certificate file |
| ---------------------------------------------------- |
| |
| keytool -printcert -v -file tuscany.cer |
| |
| Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK |
| Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK |
| Serial number: 4b87b4d7 |
| Valid from: Fri Feb 26 11:47:35 GMT 2010 until: Mon Jul 13 12:47:35 BST 2037 |
| Certificate fingerprints: |
| MD5: C3:0C:D6:DF:F6:27:26:47:AD:41:44:CA:D7:98:FA:41 |
| SHA1: 2E:82:AD:F6:54:E0:C6:A5:47:5C:8C:9F:3B:5A:65:8E:F9:5A:40:07 |
| Signature algorithm name: MD5withRSA |
| Version: 3 |
| |
| |
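The key pair above uses a 1024-bit RSA key and an MD5withRSA signature, which are acceptable only for a throwaway test fixture like this one. The shell sketch below is an added example, not part of the Tuscany module: `audit_listing` flags weak signature algorithms in `keytool -list -v` output, and `gen_keystore` repeats the generation command with a 2048-bit key and SHA256withRSA. The function names, the 365-day validity and the sample listing (trimmed from the output above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a keystore listing and regenerate with stronger settings.

# Constructed sample: trimmed from the `keytool -list -v` output shown above.
SAMPLE_LISTING='Alias name: tuscanyuser
Entry type: PrivateKeyEntry
Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
Signature algorithm name: MD5withRSA'

# audit_listing: reads `keytool -list -v` output on stdin and prints one line
# per finding as "<alias>: <finding>". Returns 1 if any certificate is signed
# with MD2, MD5 or SHA-1; self-signed entries are reported but do not fail.
audit_listing() {
    awk '
        /^[ \t]*Alias name:/ { sub(/^[ \t]*Alias name:[ \t]*/, ""); alias = $0; next }
        /^[ \t]*Owner:/      { sub(/^[ \t]*Owner:[ \t]*/, ""); owner = $0; next }
        /^[ \t]*Issuer:/ {
            sub(/^[ \t]*Issuer:[ \t]*/, "")
            if ($0 == owner) print alias ": self-signed"
            next
        }
        /^[ \t]*Signature algorithm name:/ {
            sub(/^[ \t]*Signature algorithm name:[ \t]*/, "")
            if ($0 ~ /^(MD2|MD5|SHA1)with/) {
                print alias ": weak signature algorithm " $0
                weak = 1
            }
        }
        END { exit weak + 0 }
    '
}

# gen_keystore FILE PASSWORD: the generation command above with a 2048-bit key
# and a SHA-256 signature. The 365-day validity is this example's choice.
gen_keystore() {
    keytool -genkeypair -keyalg RSA -sigalg SHA256withRSA -keysize 2048 \
        -alias TuscanyUser \
        -dname "CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK" \
        -storetype JKS -keystore "$1" -validity 365 -keypass "$2" -storepass "$2"
}
```

To audit a real keystore, pipe the listing in: `keytool -list -v -keystore tuscany.jks -storepass tuscany | audit_listing`.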