-
1. Re: Using JBoss to call web services on hosted on IIS using https
mjcrosbie Dec 30, 2009 12:49 AM (in response to inkriti)If the binding policy is declared in the https wsdl file and you have a certificate from your development IDE to connect then using the netbeans IDE 6.5.1 you should be able to create a web service client from WSDL and can configure the security accordingly or if you have a local copy of the wsdl and the security policy is specified there again the NET beans IDE web service client from wsdl can be used and configured under right click on the web service reference Edit web service attributes. However it is quite possible that no such security policy is declared in the WSDL and therefore you can configure the security in your JVM startup (which is how I do this) with the options of:
# JVM JAVA_OPTS
export JAVA_OPTS="-Xms256m -Xmx1024m -XX:MaxPermSize=1024m -Djavax.net.ssl.trustStore=/home/jboss/jboss-ssl/mytrustsore.truststore -Djavax.net.ssl.trustStorePassword=mytruststorepass -Djavax.net.ssl.keyStore=/home/jboss/jboss-ssl/mykeystore.keystore -Djavax.net.ssl.keyStorePassword=mykeystorepass -Djavax.net.debug=ssl,handshake"
In the above "mystrustsore.trustsore" is a file created from using openssl or keytool and "mytruststorepass" is the password for opening this file.
and "mykeystore.keystore" is a file created from using openssl or keytool and the "mykeystorepass" is the password for opening this file.
You will need to add to the trust store of your jvm the cert chain (Certificate(s) of Authority) of the IIS server you are contacting.
You will need to add to the keystore the certificate you plan to use, if the IIS server is internal this can be a self generated cert otherwise you will need to purchase one from a Certificate of Authority.
Note: the last option of -Djavax.net.debug=ssl,handshake provides you with debug information for SSL handshaking so that you can see what happens when you hit the HTTPS enpoint in your code. You will see the exchanging and verification of the certificates.