Secure Socket Layer (SSL)

This provides secure communication for web services. SSL is commonly used with HTTP and so can be used with SOAP services. SSL optionally allows the communicating parties (client <-> server) to ensure the identity of the other party. Once this has been established, SSL provides an encrypted connection between the client and server. The connection includes a secure hash function (silimlar to a checksum) so that data is not modified during the transit. This then allows sensitive information to be transmitted over the internet. Jemboss uses Java Secure Socket Extension (JSSE - now in J2SDK, v.1.4) to implement SSL.

Note that the certificates expire after about 3 months. To find exactly when a certificate expires use the command:

keytool -printcert -file client.cer

Renewing expired certificates

The '' script (in $EMBOSS_INSTALL/share/EMBOSS/jemboss/utils) can be used to generate a new set of certificates. The script asks a set of questions and runs keytool. It will ask for a password and THIS SHOULD BE THE SAME AS THAT GIVEN IN $TOMCAT/conf/server.xml. Make the new certificates in a temporary directory & then replace those in $EMBOSS_INSTALL/share/EMBOSS/jemboss/resources (i.e. client.* & server.*). Stop and start tomcat using 'tomstop' and 'tomstart'. If a web launch page is being used then the new client certificate can be wrapped into jar files by running the '' script again. This will make a new set of signed jar files that can then be copied to the Jemboss web directory. Note the same Jemboss.jnlp and index.html can be used.

Related links

Setting up Apache Tomcat and a Simple Apache SOAP Client for SSL Communication.
Key and Certificate Management Tool.
Sun's JSSE.
Reference guide.