Solved

Java Web service client  usage of SSL certificate for SOAP over HTTPS

Posted on 2012-03-22
2
5,536 Views
Last Modified: 2012-05-24
I have a simple java webservice client (no container) that makes a Web service call (SOAP) over HTTP.Now the server (service provider) is moving to HTTPS  . I am on a Red Hat Linux env. , I am wondering what steps I need to take to make this happen  ? Since I am not running this on a cotainer (servlet or EE) I am scared that I have to do a lot of  work on my side ?

As a developer do I have to worry about anything .Its working well with HTTP the move to HTTPS is worrying me ..as I dont have a lot of resources at my end  .
0
Comment
Question by:Shaunsmith
2 Comments
 
LVL 7

Assisted Solution

by:gudii9
gudii9 earned 250 total points
ID: 37754361
Here is intersting explanation, links


When Webservices are used, a common concern is security: SOAP messages are transferred in plain text over the network, so anyone with a sniffer could intercept the SOAP message and read it. In my opinion this could happen also to binary data, but probably it requires a little bit more hacker skills. So a solution is to use HTTPS (SSL) instead of HTTP, so the communication is encrypted. To accomplish this, you need to get and install a certificate (issued by a Certificate Authority) on your webserver. In a production environment you would buy a certificate from Verisign or another well known CA, or you would install your own CA, which is a component of Windows Server. If you only want to play with HTTPS, SSL and certificates or your project is in the development phase, you can also generate a test certificate using the MakeCert.exe tool (included in the .NET Framework SDK). After that you have to add this certificate to a website in IIS, and set a port which HTTPS should use.

When you browse to a HTTPS site, you probably get a dialog window asking you if you want to trust the certificate provided by the webserver. So the responsibility of accepting the certificate is handled by the user. Let's get back to the webservice scenario, if you want to invoke a webservice located on a webserver which uses SSL and HTTPS there is a problem. When you make the call from code, there is no dialog window popping up, and asking if you trust the certificate (luckily because this would be pretty ugly in server-side scenarios); probably you'll get following exception:
An unhandled exception of type 'System.Net.WebException' occurred in system.dll

Additional information: The underlying connection was closed: Could not establish trust relationship with remote server.

But there is a solution for this problem, you can solve this in your code by creating your own CertificatePolicy class
http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html

http://weblogs.asp.net/jan/archive/2003/12/04/41154.aspx

http://forums.instantiations.com/topic-12-2408.html

http://forums.devx.com/showthread.php?t=56937
0
 
LVL 47

Accepted Solution

by:
for_yan earned 250 total points
ID: 37754372
You should not need container to use the client of web service - you should be able to handle it without container.

look here:
http://stackoverflow.com/questions/1255083/consuming-https-web-services

and the lnink inside:

http://stackoverflow.com/questions/875467/java-client-certificates-over-https-ssl
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
simple java question 3 44
javap bin 2 30
F5 SSL Sticky Load Balancing Question 3 30
MySqlDump not dumping triggers 1 19
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Video by: Michael
Viewers learn about how to reduce the potential repetitiveness of coding in main by developing methods to perform specific tasks for their program. Additionally, objects are introduced for the purpose of learning how to call methods in Java. Define …
Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now