[jboss-user] [JBoss Web Services] - Re: How can I do mutual SSL when using JBoss as Web service
Richard Gomes
do-not-reply at jboss.com
Wed Nov 10 01:16:53 EST 2010
Richard Gomes [http://community.jboss.org/people/richard.anywhere] created the discussion
"Re: How can I do mutual SSL when using JBoss as Web service"
To view the discussion, visit: http://community.jboss.org/message/570402#570402
--------------------------------------------------------------
As this is high on the Google search results for "jboss WS Client Mutual Certificate" and doesn't have a posted resolution, I thought I'd post what I did to get everything working.
The basic principle here is that BOTH the Web Service (WS) and the Web Service Client (WS-C) need to have the other's key stored as "trusted". Specifically, the following needs to be set ON BOTH SIDES:
-Djavax.net.ssl.trustStore=/home/dev/.truststore
-Djavax.net.ssl.trustStorePassword=changeit
Now, both sides also need their own keystore. The key of WS needs to be trusted by WS-C and vice-versa. Set the following ON BOTH SIDES:
-Djavax.net.ssl.keyStore=/home/dev/.keystore
-Djavax.net.ssl.keyStorePassword=changeit
To get something up and running quickly, use the same keystore and truststore on both sides ... even simpler, you can create a new keystore and simply copy the output file to also become the truststore:
$JAVA_HOME/bin/keytool -genkey -alias jboss -keyalg RSA
cp .keystore .truststore
You can also do an explicit import to load a key into a truststore:
keytool -import -alias jboss -file certificate -storepass changeit -keystore .truststore
This all worked for me. If possible, please provide feedback on gotchas or success stories relating to the above.
All the best,
Richard
--------------------------------------------------------------
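An added example, not part of the original post: the same setup with a separate key pair per side, where only certificates are exchanged, so neither truststore holds a private key (copying `.keystore` to `.truststore`, as in the quick setup, carries the private key along). The `ws`/`wsc` aliases, file names, `CN` values and the `build_stores` and `count_private_keys` helpers are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: one key pair per side, only public certificates cross-imported.
# Aliases, file names, DNs and helper names are constructed for illustration.
PASS=changeit   # sample password from the post; replace it in real use

# build_stores DIR: create ws/wsc keystores and cross-populated truststores in DIR
build_stores() {
  local dir=$1 side peer
  mkdir -p "$dir" || return 1
  for side in ws wsc; do
    # Each side generates its own private key; it never leaves this keystore.
    keytool -genkeypair -alias "$side" -keyalg RSA -keysize 2048 -validity 365 \
      -dname "CN=$side.example.test" -keystore "$dir/$side.keystore" \
      -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 || return 1
    # Export only the public certificate for the other side to trust.
    keytool -exportcert -alias "$side" -keystore "$dir/$side.keystore" \
      -storepass "$PASS" -file "$dir/$side.cer" >/dev/null 2>&1 || return 1
  done
  # Cross-import: the service trusts the client's certificate and vice versa.
  for side in ws wsc; do
    if [ "$side" = ws ]; then peer=wsc; else peer=ws; fi
    keytool -importcert -noprompt -alias "$peer" -file "$dir/$peer.cer" \
      -keystore "$dir/$side.truststore" -storepass "$PASS" >/dev/null 2>&1 || return 1
  done
}

# count_private_keys STORE: print how many private-key entries STORE contains.
# A truststore should report 0; a keystore copied into place as a truststore will not.
count_private_keys() {
  keytool -list -keystore "$1" -storepass "$PASS" 2>/dev/null \
    | grep -c PrivateKeyEntry || true
}

# Usage: build_stores ./mtls-demo && count_private_keys ./mtls-demo/ws.truststore
```

Each side then points `javax.net.ssl.keyStore` at its own `.keystore` file and `javax.net.ssl.trustStore` at its own `.truststore` file.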