0 Replies Latest reply on Jun 10, 2010 10:24 AM by Fernando Villarreal

    Web services over SSL configuration issues

    Fernando Villarreal Newbie

      Hi everyone,

           We're working with JBoss 4.2.3GA to publish a web service. We have to publish it over SSL with certificate validation.

      We activated SSL in server.xml like this:


      <Connector port="8181" address="${jboss.bind.address}"
                  protocol="HTTP/1.1" SSLEnabled="true"
                  maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
                  scheme="https" secure="true" clientAuth="true"
                  sslProtocol = "TLS"


      JBoss worked fine, but when we got the WSDL on both HTTP and HTTPS the soap:address was always the same:


      <soap:address location='http://ws.testing.com:8080/testing-web/TestingService'/>


      So we had to patch JBoss with jboss-native 3.2.2GA (the last version that works with JBoss 4.2.3GA) and change the web service's web.xml file to add:


            <web-resource-name>All resources</web-resource-name>


      Now every time I get the WSDL it responds with


      <soap:address  location='https://ws.testing.com:8181/testing-web/TestingService'/>


      Here comes the first question:


      Is it possible to get

      <soap:address  location='http://ws.testing.com:8080/testing-web/TestingService'/>

      when I get it from HTTP and get

      <soap:address  location='https://ws.testing.com:8181/testing-web/TestingService'/>

      when I get it from HTTPS?


      Second question:

      Now, working like this it works just fine from a Java application using the server's keystore as a truststore and server's truststore as keystore.


      I can also get the WSDL from the command line with openssl

      openssl s_client -connect ws.testing.com:8181 -cert client.cert

      and then

      GET /testing-web/TestingService?wsdl


      But from a web browser I got an error:



      Error 117 (net::ERR_BAD_SSL_CLIENT_AUTH_CERT): Certificado de autenticación de cliente SSL no válido



      El otro extremo de la conexión SSL no esperaba un mensaje de negociación que ha recibido.

      (Código de error: ssl_error_handshake_unexpected_alert)


      Does anyone know how to solve this issue?




      Fernando Villarreal
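
Added example, not part of the original post: a Python check for the soap:address mismatch described above. It parses a WSDL and reports every soap:address whose scheme, host or port differs from the URL the WSDL was fetched from. The sample WSDL is constructed from the addresses quoted in the post; the function and finding names are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# WSDL 1.1 binding namespaces for SOAP 1.1 and SOAP 1.2
ADDRESS_TAGS = {"{http://schemas.xmlsoap.org/wsdl/soap/}address",
                "{http://schemas.xmlsoap.org/wsdl/soap12/}address"}
DEFAULT_PORT = {"http": 80, "https": 443}

# Constructed sample: the WSDL the post describes before the jboss-native patch.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="TestingService">
  <service name="TestingService">
    <port name="TestingPort">
      <soap:address location="http://ws.testing.com:8080/testing-web/TestingService"/>
    </port>
  </service>
</definitions>"""

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORT.get(scheme)

def audit_wsdl(wsdl_text, fetched_from):
    """List (finding, location) for endpoints that differ from the fetch URL."""
    # A WSDL needs no DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in wsdl_text.upper():
        raise ValueError("DOCTYPE not allowed in WSDL")
    want = origin(fetched_from)
    findings = []
    for el in ET.fromstring(wsdl_text).iter():
        if el.tag not in ADDRESS_TAGS:
            continue
        loc = el.get("location", "")
        got = origin(loc)
        if want[0] == "https" and got[0] != "https":
            # Clients built from this WSDL would call the plain HTTP port.
            findings.append(("cleartext-endpoint", loc))
        elif got != want:
            findings.append(("origin-mismatch", loc))
    return findings

if __name__ == "__main__":
    url = "https://ws.testing.com:8181/testing-web/TestingService?wsdl"
    for finding, loc in audit_wsdl(SAMPLE_WSDL, url):
        print(finding, loc)
```

A "cleartext-endpoint" finding means a client generated from the WSDL served over HTTPS would send its SOAP requests to the HTTP connector, outside the connector that has clientAuth enabled.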