From: Ladislav U. <lad...@we...> - 2006-05-08 19:25:27
Hello Ashique,
we use SSL configuration for Hermes. You can set it up the same way as
for Tomcat.
Are you going to use self-signed certs?
1st Step
Generate keys in the keystores of both Tomcats. The keystore is
usually in the root directory of Tomcat and its name is .keystore
example:
keytool -genkey -keyalg "RSA" -dname "cn=company1, ou=company, o=company1, c=US" -keystore ./.keystore -alias tomcat -keypass password222 -storepass password222
2nd Step:
Configuration of msh.properties.xml
<SSL>
  <HostnameVerifier>com.webswell.hermes.NullHostVerifier</HostnameVerifier>
  <TrustedAnchor>
    <!-- Trust keystore for SSL Server Authentication -->
    <KeyStore>
      <Path>/usr/local/Webswell/jakarta-tomcat</Path>
      <File>.keystore</File>
      <Password>password222</Password>
    </KeyStore>
  </TrustedAnchor>
  <ClientAuth>
    <URL></URL>
    <KeyStore>
      <Path></Path>
      <File></File>
      <Alias></Alias>
      <Password></Password>
    </KeyStore>
  </ClientAuth>
</SSL>
As you can see, we do have a null host verifier. It switches off verification
of the host name in the HTTP request against the host name in the credentials. I can
send you the Java code.
3rd Step
Export the public part of the generated keys from both keystores. This will
create the self-signed certificate files.
keytool -export -alias tomcat -keystore ./.keystore -storepass password222 -file ./company1.cer
and import the certificates into the opposite keystore.
Ladislav
On Mon, 2006-05-08 at 12:53 -0400, Tanveer, Ashique (NIH/OD) [C] wrote:
>
>
> I guess I am looking for something like a “SSL configuration with
> Hermes for dummies”. Assuming I have two Hermes server running on
> Tomcat server, what are the steps (generate the certificate, keystore
> etc,?) to have both Hermes communicate via SSL. I assume some
> configuration needed on the tomcat as well as hermes properties files?
> Any tips would help.
>
>
>
> Thanks
>
> -- Ashique
>
>
>
> |-----------------------------------------------------------------------------------
>
> | Ashique Tanveer
>
> | Booz | Allen | Hamilton
>
> |
>
> | Contractor, eRA Project, National Institute Of Health
>
> | Off: 301-451-1772 | Fax: 925-889-3635
>
> | Email: tan...@od..., tan...@ba...
>
> |-----------------------------------------------------------------------------------
>
>
>
> ______________________________________________________________________
> From: David RR Webber (XML) [mailto:da...@dr...]
> Sent: Monday, May 08, 2006 12:33 PM
> To: ebx...@li...
> Subject: [ebxmlms-general] Configuring SSL and Hermes - step by step
> Guide
>
> Team,
>
> Does anyone have any notes they can share on setting up Hermes <->
> Hermes using SSL?
>
> The Hermes docs are not forthcoming on this - so would be helpful to
> have something available.
>
> More to the point - if you succeeded in getting this working - can you
> share the steps you had to go thru?!
>
> Thanks, DW
--
Ladislav Urban
CEO
Webswell Inc.
1333 Howe Avenue, Suite 100
Sacramento, 95825 CA
email: lad...@we...
phone: +1 (916) 290-2040
fax: +1 (916) 921-2850
http://www.webswell.com
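
Steps 1 and 3 of the message above run end to end, as an added example that is not part of the original message or of the Hermes project. It includes the import command the message describes but does not show, and compares SHA-256 fingerprints so each side can confirm that the entry it trusts is exactly the certificate file it was sent. The host names, the aliases company1/company2, the temporary directories and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example. Two throwaway directories stand in for the two Tomcat roots;
# host names, aliases and the password are constructed sample values.
PASS=password222
FP_RE='([0-9A-F]{2}:){31}[0-9A-F]{2}'   # shape of a SHA-256 fingerprint in keytool output

make_keystore() {   # step 1: $1 = tomcat root, $2 = CN for the self-signed key
  keytool -genkey -keyalg RSA -keysize 2048 -validity 365 -alias tomcat \
    -dname "cn=$2, ou=company, o=company, c=US" \
    -keystore "$1/.keystore" -keypass "$PASS" -storepass "$PASS" >/dev/null 2>&1
}
export_cert() {     # step 3: $1 = tomcat root, $2 = certificate file to write
  keytool -export -alias tomcat -keystore "$1/.keystore" \
    -storepass "$PASS" -file "$2" >/dev/null 2>&1
}
import_cert() {     # step 3: $1 = tomcat root, $2 = alias for the partner, $3 = .cer file
  keytool -import -noprompt -alias "$2" -file "$3" \
    -keystore "$1/.keystore" -storepass "$PASS" >/dev/null 2>&1
}
fp_file() {         # SHA-256 fingerprint of a .cer file (empty if unreadable)
  keytool -printcert -file "$1" 2>/dev/null | grep -Eo "$FP_RE" | head -n 1
}
fp_entry() {        # SHA-256 fingerprint of alias $2 in the keystore under $1
  keytool -list -v -alias "$2" -keystore "$1/.keystore" -storepass "$PASS" \
    2>/dev/null | grep -Eo "$FP_RE" | head -n 1
}
peer_matches() {    # true only if alias $2 under $1 holds exactly the cert in file $3
  want=$(fp_file "$3"); got=$(fp_entry "$1" "$2")
  [ -n "$want" ] && [ "$want" = "$got" ]
}
exchange_demo() {   # both directions of the exchange, then the fingerprint checks
  work=$(mktemp -d) || return 1
  a="$work/tomcat-a"; b="$work/tomcat-b"; mkdir "$a" "$b"
  make_keystore "$a" hermes-a.example.test && make_keystore "$b" hermes-b.example.test &&
  export_cert "$a" "$work/company1.cer" && export_cert "$b" "$work/company2.cer" &&
  import_cert "$b" company1 "$work/company1.cer" &&
  import_cert "$a" company2 "$work/company2.cer" &&
  peer_matches "$b" company1 "$work/company1.cer" &&
  peer_matches "$a" company2 "$work/company2.cer" &&
  ! peer_matches "$a" company2 "$work/company1.cer"   # a different certificate must not match
  rc=$?
  rm -rf "$work"
  return $rc
}
if exchange_demo; then echo "cross-import verified"; else echo "exchange failed (is keytool on PATH?)"; fi
```

Because -noprompt skips keytool's interactive trust question, the fingerprint printed by fp_file is the value to confirm with the partner over a separate channel before running import_cert on a real keystore.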