Thank you very much -Jeff
-----Original Message-----
From: Ali Sadik Kumlali [mailto:[EMAIL PROTECTED]
Sent: Monday, May 22, 2006 1:37 PM
To: [email protected]
Subject: Re: Adding Digital Signatures to all outgoing SOAP envelopes

Hi Jeffrey,

The following are the first steps that come to my mind:

1) Find yourself a tool that eases your work. portecle[1] is my favorite. Other tools such as OpenSSL[2] and keytool[3] are very popular, though.
2) You need to create a keystore file for both the client and the server. Later you will store private key and public key certificates in it.
3) The format of the keystore file can be either JKS or PKCS#12. Let's use JKS.
4) server.jks should contain the private key of the server and the public key of the client.
5) client.jks should contain the private key of the client and the public key of the server.
6) You need to create a keypair, which implicitly has your private key.
7) By using portecle, you need to export the public key certificate, which will later be imported into the other jks.
8) The exported public key certificate should be a "cer" file.
9) Now, you need to import the public key certificate into the other jks.
10) Consequently, the keystore files should be as follows:

    client.jks
      client private
      server public

    server.jks
      server private
      client public

11) Here are the InflowSecurity and OutflowSecurity of each side. Please note that we use only signing here. There is no encryption.

axis2.xml of client
-------------------
<parameter name="OutflowSecurity">
  <action>
    <items>Signature</items>
    <user>client_user</user>
    <passwordCallbackClass>com.mycompany.service.security.client.PWCallback</passwordCallbackClass>
    <signaturePropFile>client_security.properties</signaturePropFile>
    <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
  </action>
</parameter>

<parameter name="InflowSecurity">
  <action>
    <items>Signature</items>
    <signaturePropFile>client_security.properties</signaturePropFile>
  </action>
</parameter>

axis2.xml of server
-------------------
<parameter name="OutflowSecurity">
  <action>
    <items>Signature</items>
    <user>server_user</user>
    <passwordCallbackClass>com.mycompany.service.security.server.PWCallback</passwordCallbackClass>
    <signaturePropFile>server_security.properties</signaturePropFile>
    <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
  </action>
</parameter>

<parameter name="InflowSecurity">
  <action>
    <items>Signature</items>
    <signaturePropFile>server_security.properties</signaturePropFile>
  </action>
</parameter>

12) Additional resources I've come across:

    http://jetty.mortbay.org/jetty/faq?s=400-Security&t=ssl#step3
    http://www.devx.com/Java/Article/28816/0/page/2
    http://www.rsasecurity.com/rsalabs/node.asp?id=2124

Hope this helps.

Regards,

Ali Sadik Kumlali

[1] http://portecle.sourceforge.net/
[2] http://www.openssl.org/
[3] http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

--- "Scudder, Jeffrey W" <[EMAIL PROTECTED]> wrote:

> I am trying to configure Axis2 v1.0 to add digital signatures to all
> outgoing soap messages by configuring the rampart module. While
> filling in the blanks in the OutflowSecurity parameter I realized I
> have no idea how to obtain a signature key or have it signed by a CA.
>
> The implementation will be used in a closed lab, so there is no need
> to use an Internet CA (Verisign etc.)
>
> How do I create a signature key and import it into the Axis2
> framework?
> I'm new at this.
>
> Thank you,
>
> Jeff Scudder
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
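
Steps 2 to 10 of the reply above, done with keytool instead of portecle, as an added example that is not part of the original thread. The password, the certificate subject names and the script name make-keystores.sh are constructed lab values; the aliases reuse the <user> values from the axis2.xml fragments, since that is the name the signing key is looked up by.

```shell
#!/bin/sh
# Added example: builds the client.jks / server.jks layout from step 10.
set -eu
STOREPASS='lab-only-pass'   # constructed lab value, used for store and key

# Every call works on a JKS store (step 3) with the same lab password.
kt() { keytool "$@" -storetype JKS -storepass "$STOREPASS"; }

# Steps 2 and 6-8: create <side>.jks with a key pair under alias <side>_user
# and export its public key certificate as <side>.cer.
make_keystore() {   # $1 = directory, $2 = client|server
  kt -genkeypair -alias "${2}_user" -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=${2}, O=Closed Lab" -keypass "$STOREPASS" -keystore "$1/$2.jks"
  kt -exportcert -rfc -alias "${2}_user" -keystore "$1/$2.jks" -file "$1/$2.cer"
  chmod 600 "$1/$2.jks"   # the store holds a private key
}

# Step 9: import the peer's certificate as a trusted entry. -noprompt skips
# the fingerprint confirmation, so compare fingerprints by hand first if the
# .cer file travelled over a channel you do not control.
trust_peer() {      # $1 = directory, $2 = store owner, $3 = peer
  kt -importcert -noprompt -alias "${3}_user" -file "$1/$3.cer" -keystore "$1/$2.jks"
}

# Prints PrivateKeyEntry or trustedCertEntry for one alias.
entry_type() {      # $1 = keystore, $2 = alias
  kt -list -keystore "$1" -alias "$2" |
    grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# SKIKeyIdentifier refers to the signer's certificate by its
# SubjectKeyIdentifier extension, so the certificate must carry one.
has_ski() {         # $1 = keystore, $2 = alias
  kt -list -v -keystore "$1" -alias "$2" | grep -q 'SubjectKeyIdentifier'
}

build_lab_keystores() {   # $1 = output directory
  make_keystore "$1" client
  make_keystore "$1" server
  trust_peer "$1" client server
  trust_peer "$1" server client
}

# Usage: sh make-keystores.sh ./keys
if [ "$#" -ge 1 ]; then
  mkdir -p "$1"
  build_lab_keystores "$1"
  for side in client server; do kt -list -keystore "$1/$side.jks"; done
fi
```

If has_ski fails for a certificate, signing with SKIKeyIdentifier cannot reference it; regenerate the key pair with a keytool that emits X.509 v3 certificates.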
