Thanks for your quick reply! I think we've already set up ssl according to that guide. However we are not sure what differences in configuration there should be between the client side and the web service side. Currently I have my jboss standalone.xml configured like this:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="jboss" key-alias="172.17.152.145" password="password" certificate-key-file="c:\dev\gen\ssl_keystore\jboss.keystore" protocol="TLSv1"/>
</connector>
with jboss.keystore being the Java keystore where I created the self-signed private/public key pair.
I exported the certificate and gave it to my colleague, who now has it in his cacerts file, and I believe his standalone.xml looks something like this:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="ssl" protocol="TLSv1" ca-certificate-file="c:\java\jdk1.7.0_05\jre\bin\security\cacerts"/>
</connector>
But ssl is not working! (I'm unsure here... am I also supposed to have his certificate and he his own keystore, or can it work one way like this?) I believe the error he received when trying to connect was an HTTP error 400, but I need to confirm. We were thinking the reason for the error was that it was not forcing ssl, that is, it was starting off with https and then reverting back to http. We believe the reason for that was that the generated wsdl has the following:
<wsdl:port binding="tns:SecretCodeServiceSoapBinding" name="SecretCodePort">
which is http and port 8080 instead of https and port 8443. (Regardless of whether I access the wsdl over http or https)
So then, I was trying to enforce ssl by adding that transport guarantee = confidential line, but currently I am unable.
Any thoughts on what we could be doing wrong? (I should double check what the actual error was later when it's possible.)
Update: it is "working" now, in that there are no more errors, but still it is not using ssl (I can sniff the messages with wireshark and the soap is being sent over http and the contents are clearly visible to me).
First, we are wondering, how can we force ssl to be used? (I assume by setting transport guarantee to confidential, although I'm not sure how to do this and whether it needs to be specified in xml or can be done through annotations.)
Second, if we permit a choice of ssl, how do we make the client choose ssl? As I said above, the wsdl being generated has a port binding address location which is http not https, regardless of whether we get the wsdl over http or over https. Furthermore, the client code uses the annotation:
which is an ssl location, but ssl is not being used.
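The question above asks how a transport guarantee of CONFIDENTIAL is declared. As an added illustration (not the poster's deployment descriptor), this is the standard Java EE web.xml security-constraint that tells the container to refuse plain HTTP for the matched URL pattern; the path /SecretCodeService/* is an assumption and must be replaced with the path the endpoint is actually published under.

```xml
<!-- Added example web.xml fragment, not from the original post.
     A CONFIDENTIAL user-data-constraint makes the container refuse plain HTTP
     for the matched paths and redirect them to the HTTPS connector. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecretCodeService</web-resource-name>
      <!-- Assumption: the JAX-WS endpoint is mapped under /SecretCodeService; adjust to the real path -->
      <url-pattern>/SecretCodeService/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <!-- CONFIDENTIAL = the request must arrive over an encrypted channel (HTTPS) -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

</web-app>
```

Once this is deployed, a SOAP request sent to port 8080 is no longer answered in the clear, so the plaintext Wireshark capture described above is the check that the constraint took effect: only TLS on the https socket binding should remain visible. For the redirect to reach the right port, the plain http connector in standalone.xml needs its redirect-port pointed at the https port (8443 here). Note also that the connector/ssl element shown above configures inbound HTTPS on the server that receives calls; a client JVM making outbound calls does not read that element for trust decisions but uses its truststore (the cacerts file, or whatever javax.net.ssl.trustStore is set to), so the client side only needs the exported server certificate imported there.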