How to use ssl for webservices

Please tell step by step. I already have my webservices running in jboss (w/o ssl)
kumvjuec Asked:
riyasjef Commented:
0
kumvjuec (Author) Commented:
Can you please tell me the steps? I already have a webservices project that runs without SSL.
0
Eric Commented:
The free Quick Documentation that can be downloaded from jboss.org has instructions on how to use SSL with JBoss / Tomcat on pp. 153-156.
0
Eric Commented:
Using SSL with JBoss
Author: Tom Coleman <tcoleman@autowares.com>

Introduction
Adding SSL (Secure Socket Layer) support is simple using JBoss 2.4 with either Tomcat or Jetty Web containers. The specific releases used were JBoss 2.4 BETA Rel_2_4_0_23 with Tomcat 3.2.2, and JBoss-2.4.0_Jetty-3.1.RC8-1.

The target system was a RH Linux 6.2 system using the Sun 1.3 JDK and Sun's Secure Socket Extension, JSSE 1.0.2.

Outstanding Deployment Issues
Multiple site certificates. Support of certificates for multiple sites is currently under discussion. Please post your requirements to the forums or the jboss-user mailing list.

Contributors:
Scott Stark

Installation & Configuration
Download JSSE

If you are using JDK 1.3 or 1.2, JSSE is optional. Download it from Sun's JSSE Page. Jump through the hoops as required.

If you are using JDK 1.4, JSSE is included. But then, JDK 1.4 is another story.

Install JSSE

Follow steps 1 through 5 of the JSSE installation instructions.

If you need to run 'keytool' on your system to create and/or import certificates, copy the JSSE jars to $JAVA_HOME/jre/lib/ext.

Generate a Server Key and Certificate

The following shell script can be used to create a "self-signed" server certificate for testing:

keytool -genkey -alias tomcat -keyalg RSA \
   -dname 'CN=your.domain.com, OU=Skunk Works Unit, O=Your Organization, L=Your Location, S=Your State, C=US' \
   -keypass changeit \
   -storepass changeit \
   -keystore server.keystore

The keystore file will be generated in the directory from which you run keytool. Copy the keystore file to an appropriate directory.

It should be possible to import existing certificates generated with OpenSSL using keytool. See the section Importing SSL certificates in the Tomcat documentation.

Configure Web Container

If using Tomcat - Find the section in the Tomcat server.xml configuration file that starts with, "Uncomment this for SSL support". Uncomment the following section, and insert the location of your server key.

 
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
        value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port"
        value="8443"/>
    <Parameter name="socketFactory"
        value="org.apache.tomcat.net.SSLSocketFactory" />
    <Parameter name="keystore" value="/usr/java/jakarta-tomcat-3.2.2/server.keystore" />
    <Parameter name="keypass" value="changeit" />
</Connector>
      
       
Copy the JSSE jars to your $TOMCAT_HOME/lib directory.

If using Jetty - Find the section in the $JBOSS_JETTY_HOME/conf/jetty/jetty.xml configuration file that starts with, "Uncomment this to add an SSL listener". Uncomment the following section, and insert the location of your server key.

 
<Call name="addListener">
  <Arg>
    <New class="com.mortbay.HTTP.SunJsseListener">
      <Set name="Port">8443</Set>
      <Set name="MinThreads">5</Set>
      <Set name="MaxThreads">255</Set>
      <Set name="MaxIdleTimeMs">50000</Set>
      <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/server.keystore</Set>
      <Set name="Password">changeit</Set>
      <Set name="KeyPassword">changeit</Set>
    </New>
  </Arg>
</Call>
      
       
Start JBoss

Start JBoss and point your browser to https://your-server-name.your-domain:8443 to test your SSL implementation.

If using "self-signed" certificates, you may have to import your test certificate into your browser.
0
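
The guide above writes the keystore password `changeit` into both container configs. As an added example (not part of the original guide or of any comment here), this Python sketch parses either config syntax and reports SSL listeners still using that sample password; the function names are hypothetical and the two inputs are constructed from the guide's snippets.

```python
import xml.etree.ElementTree as ET

SAMPLE_PASSWORDS = {"changeit"}  # password used in the guide's examples
# Constructed inputs: the guide's two snippets, trimmed and wrapped in a root element.
TOMCAT_XML = """<Server><Connector className="org.apache.tomcat.service.PoolTcpConnector">
  <Parameter name="port" value="8443"/>
  <Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory"/>
  <Parameter name="keystore" value="/usr/java/jakarta-tomcat-3.2.2/server.keystore"/>
  <Parameter name="keypass" value="changeit"/>
</Connector></Server>"""
JETTY_XML = """<Configure><Call name="addListener"><Arg>
  <New class="com.mortbay.HTTP.SunJsseListener">
    <Set name="Port">8443</Set>
    <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/server.keystore</Set>
    <Set name="Password">changeit</Set>
    <Set name="KeyPassword">changeit</Set>
  </New></Arg></Call></Configure>"""

def set_value(elem):
    # Jetty <Set> text may be split around a <SystemProperty default="..."/> child.
    parts = [elem.text or ""]
    for child in elem:
        parts += [child.get("default", ""), child.tail or ""]
    return "".join(parts).strip()

def ssl_listeners(xml_text):
    # Return one settings dict per SSL listener (Tomcat 3.2 or Jetty syntax).
    root, found = ET.fromstring(xml_text), []
    for conn in root.iter("Connector"):
        p = {e.get("name"): e.get("value") for e in conn.iter("Parameter")}
        if "SSLSocketFactory" in (p.get("socketFactory") or ""):
            found.append({"container": "tomcat", "port": p.get("port"),
                          "keystore": p.get("keystore"), "passwords": [p.get("keypass")]})
    for new in root.iter("New"):
        if new.get("class", "").endswith("SunJsseListener"):
            s = {e.get("name"): set_value(e) for e in new.findall("Set")}
            found.append({"container": "jetty", "port": s.get("Port"), "keystore": s.get("Keystore"),
                          "passwords": [s.get("Password"), s.get("KeyPassword")]})
    return found

def audit(xml_text):
    # Report listeners whose keystore or key password is still the sample value.
    return [f"{l['container']}:{l['port']} {l['keystore']} uses a sample password"
            for l in ssl_listeners(xml_text)
            if any(pw in SAMPLE_PASSWORDS for pw in l["passwords"] if pw)]

if __name__ == "__main__":
    for finding in audit(TOMCAT_XML) + audit(JETTY_XML):
        print(finding)
```

Both files hold the keystore password in cleartext, so read access to them should be limited to the account that runs JBoss.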

Question has a verified solution.