[jboss-user] [JBoss Web Services] - Re: How can I do mutual SSL when using JBoss as Web service

Richard Gomes do-not-reply at jboss.com
Wed Nov 10 01:16:53 EST 2010


Richard Gomes [http://community.jboss.org/people/richard.anywhere] created the discussion

"Re: How can I do mutual SSL when using JBoss as Web service"

To view the discussion, visit: http://community.jboss.org/message/570402#570402

--------------------------------------------------------------
As this is high on the Google search results for "jboss WS Client Mutual Certificate" and doesn't have a posted resolution, I thought I'd post what I did to get everything working.

The basic principle here is that BOTH the Web Service (WS) and the Web Service Client (WS-C) need to have the other's key stored as "trusted". Specifically, the following needs to be set ON BOTH SIDES:

  -Djavax.net.ssl.trustStore=/home/dev/.truststore
  -Djavax.net.ssl.trustStorePassword=changeit

Now, both sides also need their own keystore. The key of WS needs to be trusted by WS-C and vice-versa. Set the following ON BOTH SIDES:

  -Djavax.net.ssl.keyStore=/home/dev/.keystore
  -Djavax.net.ssl.keyStorePassword=changeit

To get something up and running quickly, use the same keystore and truststore on both sides ... even simpler, you can create a new keystore and simply copy the output file to also become the truststore:

  $JAVA_HOME/bin/keytool -genkey -alias jboss -keyalg RSA
  cp .keystore .truststore

You can also do an explicit import to load a key into a truststore:

  keytool -import -alias jboss -file certificate -storepass changeit -keystore .truststore

This all worked for me. If possible, please provide feedback on gotchas or success stories relating to the above.

All the best,
Richard
--------------------------------------------------------------
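An added example (not part of the post above) of the layout the message describes once each side has its own key: the service and the client each get a separate key pair, and each truststore receives only the peer's exported certificate, so no private key is copied between sides. The directory names, aliases, `CN` values, and the `STOREPASS` and `MTLS_DIR` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: separate identities for the web service (ws) and its client (wsc).
# Paths, aliases, DNs and the default password are constructed for illustration.

# Password travels through the environment (keytool's :env modifier) so it
# does not show up in the process list.
STOREPASS="${STOREPASS:-changeit}"
export STOREPASS

# make_identity DIR ALIAS CN: create DIR/keystore with a fresh RSA key pair
# and export only the public certificate to DIR/ALIAS.cer.
make_identity() {
    mkdir -p "$1" || return 1
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$3" -keystore "$1/keystore" \
        -storepass:env STOREPASS -keypass:env STOREPASS || return 1
    keytool -exportcert -alias "$2" -file "$1/$2.cer" \
        -keystore "$1/keystore" -storepass:env STOREPASS
}

# trust_peer DIR PEER_ALIAS PEER_CERT: add the peer's certificate to DIR/truststore.
trust_peer() {
    keytool -importcert -noprompt -alias "$2" -file "$3" \
        -keystore "$1/truststore" -storepass:env STOREPASS
}

# build_mutual_stores BASE: BASE/ws and BASE/wsc each end up with their own
# keystore (private key) and a truststore holding only the other side's cert.
build_mutual_stores() {
    make_identity "$1/ws" ws "ws.example.test" &&
    make_identity "$1/wsc" wsc "wsc.example.test" &&
    trust_peer "$1/ws" wsc "$1/wsc/wsc.cer" &&
    trust_peer "$1/wsc" ws "$1/ws/ws.cer"
}

# entry_type STORE ALIAS: prints PrivateKeyEntry or trustedCertEntry.
entry_type() {
    keytool -list -keystore "$1" -alias "$2" -storepass:env STOREPASS |
        grep -o -e PrivateKeyEntry -e trustedCertEntry
}

# Runs only when MTLS_DIR is set, e.g. MTLS_DIR=/home/dev/mtls sh thisfile.sh
if [ -n "${MTLS_DIR:-}" ]; then
    build_mutual_stores "$MTLS_DIR"
fi
```

Each JVM then points `javax.net.ssl.keyStore` and `javax.net.ssl.trustStore` at the two files in its own directory, using the same properties shown in the message.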
