The module tests web service communications running over HTTPS. HTTPS is configured
in this embedded test environment by adding the confidentiality intent to both the
reference and the service, and by configuring reference-side and service-side policy
sets that set up the web service binding to enable SSL.

When the web service binding runs in a container that is itself configured to
provide SSL support, these policy sets are not required. TODO: can they themselves
detect that they are not required?

The SSL configuration depends on public/private key pairs and a keystore. This is how
they are organized and generated:

Generate Private/Public keys into a keystore for use at the server
------------------------------------------------------------------

keytool -genkey -keyalg RSA -sigalg MD5withRSA -keysize 1024 -alias TuscanyUser -dname "CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, S=Hampshire, C=UK" -storetype JKS -keystore tuscany.jks -validity 9999 -keypass tuscany -storepass tuscany

View the contents of the key store that result
----------------------------------------------

keytool -list -v -keystore tuscany.jks -storepass tuscany

Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: tuscanyuser
Creation date: 26-Feb-2010
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
Serial number: 4b87b4d7
Valid from: Fri Feb 26 11:47:35 GMT 2010 until: Mon Jul 13 12:47:35 BST 2037
Certificate fingerprints:
MD5: C3:0C:D6:DF:F6:27:26:47:AD:41:44:CA:D7:98:FA:41
SHA1: 2E:82:AD:F6:54:E0:C6:A5:47:5C:8C:9F:3B:5A:65:8E:F9:5A:40:07
Signature algorithm name: MD5withRSA
Version: 3

IN THIS EMBEDDED TEST THE FOLLOWING ARE NOT REQUIRED AS BOTH REFERENCE AND SERVICES
ARE RUNNING IN THE SAME JVM AND HAVE ACCESS TO THE SERVICE SIDE KEY STORE

Generate the client side certificate
------------------------------------

keytool -export -alias TuscanyUser -file tuscany.cer -keystore tuscany.jks -storepass tuscany

Print the contents of the generated certificate file
----------------------------------------------------

keytool -printcert -v -file tuscany.cer

Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
Serial number: 4b87b4d7
Valid from: Fri Feb 26 11:47:35 GMT 2010 until: Mon Jul 13 12:47:35 BST 2037
Certificate fingerprints:
MD5: C3:0C:D6:DF:F6:27:26:47:AD:41:44:CA:D7:98:FA:41
SHA1: 2E:82:AD:F6:54:E0:C6:A5:47:5C:8C:9F:3B:5A:65:8E:F9:5A:40:07
Signature algorithm name: MD5withRSA
Version: 3
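
As an added example (not part of the original README or the Tuscany code base), the
following shell function audits keytool -list -v output such as the keystore listing
above and flags what marks this keystore as test-only: an MD5-based signature
algorithm and a self-signed certificate. The function name, the second sample entry
and the 2048-bit RSA minimum are assumptions.

```shell
#!/bin/sh
# Constructed sample in `keytool -list -v` format. The first entry copies the
# fields from the listing above; the second entry is invented for contrast.
SAMPLE='Alias name: tuscanyuser
Entry type: PrivateKeyEntry
Owner: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
Issuer: CN=Tuscany Service, OU=Tuscany, O=Apache, L=Hursley, ST=Hampshire, C=UK
Signature algorithm name: MD5withRSA
Alias name: hardened
Entry type: PrivateKeyEntry
Owner: CN=Example Service
Issuer: CN=Example CA
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key'

# audit_keystore_listing (hypothetical helper name): reads `keytool -list -v`
# text on stdin and prints one "alias: finding" line per weakness found.
# Only the first certificate of each chain (the entry's own) is examined.
# The 2048-bit RSA minimum is an assumed policy; the key-size line is printed
# by newer keytool versions only, so it is checked when present.
audit_keystore_listing() {
  awk '
    function report() {
      if (alias == "") return
      if (sig ~ /^(MD2|MD5|SHA1)with/) print alias ": weak signature algorithm " sig
      if (bits != "" && bits + 0 < 2048) print alias ": RSA key only " bits " bits"
      if (owner != "" && owner == issuer) print alias ": self-signed (Owner equals Issuer)"
    }
    /^Alias name: / { report(); alias = substr($0, 13); sig = bits = owner = issuer = "" }
    /^Owner: /  && owner == ""  { owner = substr($0, 8) }
    /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
    /^Signature algorithm name: / && sig == "" { sig = $4 }
    /^Subject Public Key Algorithm: / && bits == "" && $6 == "RSA" { split($5, p, "-"); bits = p[1] }
    END { report() }
  '
}

# Audit the sample; for a real keystore pipe in the page's own command:
#   keytool -list -v -keystore tuscany.jks -storepass tuscany | audit_keystore_listing
printf '%s\n' "$SAMPLE" | audit_keystore_listing
```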