Secure Socket Layer (SSL)
SSL provides secure communication for web services. It is
commonly used with HTTP and so can be used with SOAP services.
SSL optionally allows the communicating parties (client <-> server)
to verify the identity of the other party. Once this has been
established, SSL provides an encrypted connection between the
client and server. The connection includes a secure hash function
(similar to a checksum) so that any modification of the data in
transit is detected. This then allows sensitive information to be
transmitted over the internet.
Jemboss uses Java Secure Socket Extension (JSSE - now in J2SDK, v.1.4)
to implement SSL.
Note that the certificates expire after about 3 months. To find
exactly when a certificate expires use the command:
keytool -printcert -file client.cer
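The expiry check can be scripted so that renewal is not missed. The following is an added example, not part of Jemboss or its scripts: it reads the "Valid from ... until ..." line printed by keytool -printcert (English-locale format assumed) and reports the days remaining. The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not part of Jemboss). Assumes keytool's English-locale line:
#   Valid from: <date> until: Sun Apr 06 10:00:00 GMT 2025
# Time of day and time zone are ignored, so results are whole calendar days.

# Days since 1970-01-01 for a Gregorian date given as: year month day.
epoch_days() {
    y=$1; m=${2#0}; d=${3#0}
    if [ "$m" -le 2 ]; then y=$((y - 1)); m=$((m + 9)); else m=$((m - 3)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * m + 2) / 5 + d - 1 ))
    echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# stdin: keytool -printcert output; $1: today as YYYY-MM-DD (default: now, UTC).
# Prints days until the "until:" date (negative once expired).
days_left() {
    today=${1:-$(date -u +%Y-%m-%d)}
    until_str=$(sed -n 's/.*until: *//p' | head -n 1)
    set -- $until_str
    [ $# -eq 6 ] || return 3
    months=JanFebMarAprMayJunJulAugSepOctNovDec
    before=${months%%"$2"*}
    [ "$before" != "$months" ] || return 3
    expiry=$(epoch_days "$6" $(( ${#before} / 3 + 1 )) "$3")
    rest=${today#*-}
    now=$(epoch_days "${today%%-*}" "${rest%-*}" "${rest#*-}")
    echo $(( expiry - now ))
}

# $1: today (empty = now), $2: warning window in days.
# Status: 0 valid, 1 renew soon, 2 expired, 3 no parsable validity line.
check_cert() {
    left=$(days_left "$1") || return 3
    if [ "$left" -lt 0 ]; then echo "EXPIRED $(( 0 - left )) days ago"; return 2; fi
    if [ "$left" -le "$2" ]; then echo "RENEW: $left days left"; return 1; fi
    echo "OK: $left days left"
}

# Constructed sample of keytool -printcert output (not a real certificate).
SAMPLE='Owner: CN=jemboss-example
Issuer: CN=jemboss-example
Valid from: Mon Jan 06 10:00:00 GMT 2025 until: Sun Apr 06 10:00:00 GMT 2025'

# Real use: keytool -printcert -file client.cer | check_cert "" 14
printf '%s\n' "$SAMPLE" | check_cert 2025-03-20 30 || true
```

The non-zero exit status makes the function usable from cron or a monitoring check, so the certificates can be regenerated before clients start failing.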
Renewing expired certificates
The 'key.sh' script (in $EMBOSS_INSTALL/share/EMBOSS/jemboss/utils)
can be used to generate a new set of certificates.
The script asks a set of questions and runs keytool. It will ask
for a password and THIS SHOULD BE THE SAME AS THAT GIVEN IN
$TOMCAT/conf/server.xml.
Make the new certificates in a temporary directory and then replace
those in $EMBOSS_INSTALL/share/EMBOSS/jemboss/resources (i.e. client.*
and server.*). Stop and start Tomcat using 'tomstop' and 'tomstart'.
If a web launch page is being used then the new client certificate
can be wrapped into jar files by running the 'makeJNLP.sh' script
again. This will make a new set of signed jar files that can then
be copied to the Jemboss web directory. Note that the same
Jemboss.jnlp and index.html can be used.
Related links
Setting up Apache Tomcat and a Simple Apache SOAP Client for SSL Communication.
Key and Certificate Management Tool.
Sun's JSSE.
Reference guide.