Hello,
Here are my personal notes on the subject:
1) On client Java code:
System.setProperty("javax.net.ssl.trustStore", "C:/Program Files/Apache Software Foundation/Tomcat 5.0/conf/ssl/client_truststore/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
System.setProperty("javax.net.ssl.keyStore", "C:/Program Files/Apache Software Foundation/Tomcat 5.0/conf/ssl/client_keystore/keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
Note: Modify the paths to fit your environment.
2) On server Tomcat's server.xml:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 5.0\conf\ssl\server_keystore\keystore"
keystorePass="password"
truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 5.0\conf\ssl\server_truststore\cacerts"
truststorePass="password" />
Note: Modify "clientAuth" to fit your needs. In our case, we need to authenticate the client's certificate as well.
3) On client Tomcat's tomcat-users.xml:
<user username="CommonName(CN) in client-side SSL Certificate" password="password" roles="admin,manager" />
Note: This is for client-side authentication related to clientAuth in step #2.
4) Optionally, on server Tomcat's server.xml:
Comment out:
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on the port specified
during installation -->
<Connector
port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
debug="0" connectionTimeout="20000"
disableUploadTimeout="true" />
To disable non-SSL access.
-- Lyndon Tiu
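
A preflight check for the client-side stores from step 1, as an added example that is not part of the original post: it loads the keystore and truststore named by the same javax.net.ssl.* properties, confirms the keystore holds a private-key entry (needed when the connector in step 2 has clientAuth="true"), and prints the certificate subject so its CN can be compared with the username in step 3. The class name SslStoreCheck, the JKS store type and Java 7 or later are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: SslStoreCheck is a hypothetical name, not Axis or Tomcat code.
public class SslStoreCheck {
    // Loads a store (assumed JKS); throws if the file is missing or the password is wrong.
    static KeyStore load(String pathProp, String passProp) throws Exception {
        String path = System.getProperty(pathProp);
        String pass = System.getProperty(passProp);
        if (path == null || pass == null) {
            throw new IllegalStateException(pathProp + " / " + passProp + " not set");
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore keys = load("javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword");
        KeyStore trust = load("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword");
        int keyEntries = 0;
        for (String alias : Collections.list(keys.aliases())) {
            if (!keys.isKeyEntry(alias)) continue; // certificate-only entries cannot authenticate the client
            keyEntries++;
            Certificate c = keys.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                x.checkValidity(); // throws if the certificate is expired or not yet valid
                System.out.println("client key '" + alias + "': " + x.getSubjectX500Principal().getName());
            }
        }
        if (keyEntries == 0) {
            throw new IllegalStateException("keystore has no private key entry; client authentication will fail");
        }
        int anchors = 0;
        for (String alias : Collections.list(trust.aliases())) {
            if (trust.isCertificateEntry(alias)) anchors++;
        }
        if (anchors == 0) {
            throw new IllegalStateException("truststore has no trusted certificates");
        }
        System.out.println(keyEntries + " client key(s), " + anchors + " trusted certificate(s)");
    }
}
```

Pass the four properties with -D on the java command line, or set them with the System.setProperty calls from step 1 before loading the stores.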
Faucher, Christian wrote:
Greetings,
We are looking to use Axis to invoke a server-side over the internet, using HTTPS (not HTTP). I looked at the documentation that comes with Axis and I did not find much. Does anybody have pointers to documentation and examples on how to configure Axis (server & client) to run with HTTPS, instead of HTTP?
Thanks in advance!
_______________________________
*Christian Faucher*
/Java/J2EE Developer/
/AXA Canada/
/[EMAIL PROTECTED]/ <mailto:[EMAIL PROTECTED]>
/(514) 282-6817 ext. 2943/