1 Reply Latest reply on Dec 30, 2009 12:49 AM by mark crosbie

    Using JBoss to call web services on hosted on IIS using https

    Vineet Singh Newbie

      We have been trying to call web services developed on dot net 3.5 and hosted on IIS server from our Jboss application. We had added SSLUtils.java on the java code and were testing the integration with https WCF but are getting the ‘policy not supported’ exception in jboss logs. The settings in web.config look fine, we changed few things and test against those.  Below are the few things we had tried on the Web.config on WCF.

       

      1.Tried Both

      <!--

      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />

      -->

      and

      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />

       

      2.Tried both

       

      <security mode="Transport">

             <transport clientCredentialType="None"/>

      </security>

      and

      <security mode="TransportWithMessageCredential" />

             <message clientCredentialType="Certificate" />

      </security>

       

      3. Tried

       

      <security mode="Transport">

      <transport clientCredentialType="Certificate"/>

       

      Any pointers of suggestions will be very helpful.

       

      Thanks in advance,

      Vineet

        • 1. Re: Using JBoss to call web services on hosted on IIS using https
          mark crosbie Newbie

          If the binding policy is declared in the https wsdl file and you have a certificate from your development IDE to connect then using the netbeans IDE 6.5.1 you should be able to create a web service client from WSDL and can configure the security accordingly or if you have a local copy of the wsdl and the security policy is specified there again the NET beans IDE web service client from wsdl can be used and configured under right click on the web service reference Edit web service attributes.  However it is quite possible that no such security policy is declared in the WSDL and therefore you can configure the security in your JVM startup (which is how I do this) with the options of:

           

          # JVM JAVA_OPTS

          export JAVA_OPTS="-Xms256m -Xmx1024m -XX:MaxPermSize=1024m -Djavax.net.ssl.trustStore=/home/jboss/jboss-ssl/mytrustsore.truststore -Djavax.net.ssl.trustStorePassword=mytruststorepass -Djavax.net.ssl.keyStore=/home/jboss/jboss-ssl/mykeystore.keystore -Djavax.net.ssl.keyStorePassword=mykeystorepass -Djavax.net.debug=ssl,handshake"

           

          In the above "mystrustsore.trustsore" is a file created from using openssl or keytool and "mytruststorepass" is the password for opening this file.

          and "mykeystore.keystore" is a file created from using openssl or keytool and the "mykeystorepass" is the password for opening this file.

          You will need to add to the trust store of your jvm the cert chain (Certificate(s) of Authority) of the IIS server you are contacting.

          You will need to add to the keystore the certificate you plan to use, if the IIS server is internal this can be a self generated cert otherwise you will need to purchase one from a Certificate of Authority.

           

          Note: the last option of -Djavax.net.debug=ssl,handshake provides you with debug information for SSL handshaking so that you can see what happens when you hit the HTTPS enpoint in your code.  You will see the exchanging and verification of the certificates.