Web service Lookup over SSL
About web service lookup step
This step performs a Web Services lookup using the Web Services Description Language, WSDL for short.
For further info visit http://wiki.pentaho.com/display/EAI/Web+services+lookup
Problem Statement
WS lookup works fine with services hosted on a non-SSL web server. However, it throws a certificate exception when accessing them over SSL.
Description
The Web service lookup step is one of the steps used to integrate PDI with other SOA-based web applications. Exposed services can be accessed over HTTP or HTTPS (SSL). The WS lookup step works fine with HTTP. However, it throws a certificate exception when the service is accessed over SSL. This exception is expected, as the WS lookup step has no mechanism to store or validate the certificate. The workaround is to add the certificate to the JVM keystore.
The following are the steps to add the certificate to the JVM keystore.
- Generate a private key and store it in a keystore
- Configure the web server to use the key generated above
- Export the certificate, method 1
  - In Mozilla, open the URL of the secured site
  - Open the certificate viewer dialog
  - Go to the "Details" tab
  - Click the "Export" button
  - Save the certificate at an appropriate location
- Export the certificate, method 2
- Import the certificate as trusted into the default JVM keystore
  - Default location of the keystore used by the JVM
    - <JAVA_HOME>/jre6/lib/security
  - Command to import the certificate
    - keytool -import -alias rac-004-1 -keystore "C:\Program Files\Java\jre6\lib\security\cacerts" -trustcacerts -file D:\Keystore\rac-004.crt
  - It will ask for a password. changeit is the default password.
Steps Followed
Configuring Web server over SSL
keytool -genkey -alias rac-004 -keyalg RSA -keystore D:\Keystore\keystore
This will generate a public and private key pair in the keystore located at D:\Keystore\
Open server.xml located at <tomcat-home>/conf and make the following changes
protocol="org.apache.coyote.http11.Http11Protocol"
port="443"
keystoreFile="D:\Keystore\keystore"
keystorePass="saama123"
Do the following changes
Configuration to add certificate to JVM key store at Client
keytool -export -alias rac-004-1 -keystore "C:\Program Files\Java\jre6\lib\security\cacerts" -file D:\Keystore\rac-004New.crt
The above command will generate the certificate from the keystore where the private key and certificate are stored. This command should be run on the server where the certificate is generated.
Here
rac-004-1 is the alias used while generating key
-keystore : specify the JVM keystore file
For further info on keytool, please visit http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html