From: Tanveer, A. (NIH/OD) [C] <tan...@od...> - 2006-05-08 20:04:45
Ladislav,

Here are a couple of questions. You may be able to help with this.

1) In your configuration, what port address did you specify in the msh.properties and msh_client.properties files under <URL> ...</URL>? I assume it has to be the SSL port of Tomcat. Right?

2) I understood that I will generate two sets of keystores (and 2 sets of certificates to be imported into the other party's keystore). In your email you asked to modify the msh*.properties file to specify the keystore name/password there. But how does the Tomcat configuration come into the picture? Or is that not a necessary step? Typically I would specify the keystore name/password in the Tomcat server.xml under the <Connector>...</Connector> tag. Is that not necessary to do when I am running Hermes in SSL mode? Is only modifying the Hermes properties (msh*.properties) sufficient?

I am just trying to understand the difference or relationship between Tomcat's configuration for SSL (in its server.xml) and Hermes' SSL configuration (in msh*.properties files).

Thanks again for your time and help.

|---------------------------------------------------------------------------|
| Ashique Tanveer
| Booz | Allen | Hamilton
|
| Contractor, eRA Project, National Institute Of Health
| Off: 301-451-1772 | Fax: 925-889-3635
| Email: tan...@od..., tan...@ba...
| Learn Java, Teach Java, Talk Java, Join a JUG
| http://servlet.java.sun.com/jugs/north_america/usa/maryland/rockville
|---------------------------------------------------------------------------

-----Original Message-----
From: Ladislav Urban [mailto:lad...@we...]
Sent: Monday, May 08, 2006 3:25 PM
To: ebx...@li...
Subject: RE: [ebxmlms-general] Configuring SSL and Hermes - step by step Guide

Hello Ashique,

we use SSL configuration for Hermes. You can set it up the same way as for Tomcat.

Are you going to use self-signed certs?

1st Step: generate keys in the keystores of both Tomcats.
The keystore is usually in the root directory of the Tomcat and its name is .keystore

example:

    keytool -genkey -keyalg "RSA" -dname "cn=company1, ou=company, o=company1, c=US" -keystore ./.keystore -alias tomcat -keypass password222 -storepass password222

2nd Step: Configuration of msh.properties.xml

    <SSL>
      <HostnameVerifier>com.webswell.hermes.NullHostVerifier</HostnameVerifier>
      <TrustedAnchor>
        <!-- Trust keystore for SSL Server Authentication -->
        <KeyStore>
          <Path>/usr/local/Webswell/jakarta-tomcat</Path>
          <File>.keystore</File>
          <Password>password222</Password>
        </KeyStore>
      </TrustedAnchor>
      <ClientAuth>
        <URL></URL>
        <KeyStore>
          <Path></Path>
          <File></File>
          <Alias></Alias>
          <Password></Password>
        </KeyStore>
      </ClientAuth>
    </SSL>

As you can see we do have a null host verifier. It switches off verification of the host name in the HTTP request against the host name in the credentials. I can send you the Java code.

3rd Step: Export the public part of the generated keys from both keystores. This will create the self-signed certificate files.

    keytool -export -alias tomcat -keystore ./.keystore -storepass password222 -file ./company1.cer

and import the certificates to the opposite keystore.

Ladislav

On Mon, 2006-05-08 at 12:53 -0400, Tanveer, Ashique (NIH/OD) [C] wrote:
>
> I guess I am looking for something like a "SSL configuration with
> Hermes for dummies". Assuming I have two Hermes servers running on
> Tomcat server, what are the steps (generate the certificate, keystore
> etc.?) to have both Hermes communicate via SSL. I assume some
> configuration is needed on the Tomcat as well as Hermes properties files?
> Any tips would help.
>
> Thanks
>
> -- Ashique
>
> |-----------------------------------------------------------------------------------
> | Ashique Tanveer
> | Booz | Allen | Hamilton
> |
> | Contractor, eRA Project, National Institute Of Health
> | Off: 301-451-1772 | Fax: 925-889-3635
> | Email: tan...@od..., tan...@ba...
> |-----------------------------------------------------------------------------------
>
> ______________________________________________________________________
> From: David RR Webber (XML) [mailto:da...@dr...]
> Sent: Monday, May 08, 2006 12:33 PM
> To: ebx...@li...
> Subject: [ebxmlms-general] Configuring SSL and Hermes - step by step Guide
>
> Team,
>
> Does anyone have any notes they can share on setting up Hermes <->
> Hermes using SSL?
>
> The Hermes docs are not forthcoming on this - so would be helpful to
> have something available.
>
> More to the point - if you succeeded in getting this working - can you
> share the steps you had to go thru?!
>
> Thanks, DW
>
> _______________________________________________
> ebxmlms-general mailing list
> ebx...@li...
> https://lists.sourceforge.net/lists/listinfo/ebxmlms-general

--
Ladislav Urban
CEO
Webswell Inc.
1333 Howe Avenue, Suite 100
Sacramento, 95825 CA
email: lad...@we...
phone: +1 (916) 290-2040
fax: +1 (916) 921-2850
http://www.webswell.com
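
An added example, not part of the thread and not Hermes or Webswell code: a small Python check of the <SSL> block quoted above for the settings a reviewer would question (host name verification switched off, the trust store being the same file as Tomcat's key store from the 1st step, a cleartext store password, an empty ClientAuth). The function names, finding codes, the substring heuristic on the verifier class name and the reading of an empty <ClientAuth> are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <SSL> block as quoted in the thread (XML comment dropped).
SAMPLE = """<SSL>
  <HostnameVerifier>com.webswell.hermes.NullHostVerifier</HostnameVerifier>
  <TrustedAnchor>
    <KeyStore>
      <Path>/usr/local/Webswell/jakarta-tomcat</Path>
      <File>.keystore</File>
      <Password>password222</Password>
    </KeyStore>
  </TrustedAnchor>
  <ClientAuth>
    <URL></URL>
    <KeyStore><Path></Path><File></File><Alias></Alias><Password></Password></KeyStore>
  </ClientAuth>
</SSL>"""

def text(node, path):
    """Stripped text of the element at `path`, or '' when absent or empty."""
    found = node.find(path)
    return (found.text or "").strip() if found is not None else ""

def audit_ssl(fragment, tomcat_keystore=None):
    """Return (code, detail) findings for one <SSL> element of msh.properties.xml."""
    ssl = ET.fromstring(fragment)
    findings = []
    verifier = text(ssl, "HostnameVerifier")
    # Heuristic (assumption): a class name containing "null" is a no-op verifier.
    if "null" in verifier.lower():
        findings.append(("HOSTNAME_CHECK_OFF", verifier + " accepts any host name"))
    store = text(ssl, "TrustedAnchor/KeyStore/Path").rstrip("/") + "/" + \
        text(ssl, "TrustedAnchor/KeyStore/File")
    # The 1st step puts Tomcat's private key in this file; a trust store only
    # needs the peer's exported certificate.
    if tomcat_keystore and store == tomcat_keystore:
        findings.append(("TRUST_STORE_IS_SERVER_KEYSTORE", store))
    if text(ssl, "TrustedAnchor/KeyStore/Password"):
        findings.append(("CLEARTEXT_PASSWORD", "restrict read access to this file"))
    # Assumption: an empty <ClientAuth> means no client certificate is presented.
    if not text(ssl, "ClientAuth/KeyStore/File"):
        findings.append(("NO_CLIENT_KEYSTORE", "peer cannot authenticate this sender via TLS"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_ssl(SAMPLE, "/usr/local/Webswell/jakarta-tomcat/.keystore"):
        print(code, "-", detail)
```

With host name checking off, the only thing binding a connection to the intended partner is the set of certificates imported into the trust store in the 3rd step, so that store should hold the peer's certificate and nothing else.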