Sun Microsystems 5.1.1 manual Windows OpenSSL.cnf File Example, # SSLeay example properties file

Page 38

Chapter 4

Section 4.4

Operating SSL

Using the OpenSSL Utility

create an initial serial number file used for tracking certificate signing. This certificate will be valid for 365 days.

4

keytool -import -keystore clientkeystore -file client.cer -alias client

Enter keystore password: seebeyond

keytool error: java.lang.Exception: Failed to establish chain from reply

You get an exception because the client certificate contains no certificate chain, so the CA’s certificate must be imported into the KeyStore first. You can then import client.cer itself to form a certificate chain. Perform the following steps:

5

keytool -import -keystore clientkeystore -file CA ca-certificate.pem.txt -alias theCARoot

Enter keystore password: seebeyond

Owner: EmailAddress=development@seebeyond.com, CN=development.seebeyond.com, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US

Issuer: EmailAddress=development@seebeyond.com, CN=development.seebeyond.com, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US

Serial number: 0

Valid from: Tue May 08 15:09:07 PDT 2001 until: Wed May 08 15:09:07 PDT 2002

Certificate fingerprints:

MD5: 60:73:83:A0:7C:33:28:C3:D3:A4:35:A2:1E:34:87:F0

SHA1: C6:D0:C7:93:8E:A4:08:F8:38:BB:D4:11:03:C9:E6:CB:9C:D0:72:D0

Trust this certificate? [no]: yes

Certificate was added to keystore

6

keytool -import -keystore clientkeystore -file client.cer -alias client

Enter keystore password: seebeyond

Certificate reply was installed in keystore

Now that the KeyStore clientkeystore holds a private key and its associated certificate chain, it can be used as the KeyStore for client (eWay) authentication. The only caveat is that the CA certificate must be imported into the trusted certificate store of the Web server to which you will connect. The Web server must also be configured for client authentication (in httpd.conf for Apache, for example).
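
The following shell functions are an added example, not part of the Sun manual: they print the CA fingerprint to compare against a value obtained out of band before answering yes to the trust prompt, and confirm that the signed reply chains to that CA, which is what keytool needs in order to install the reply. They assume the openssl CLI is on the PATH; the function names are hypothetical and the demo certificates are constructed throwaway material.

```sh
# Added example: pre-flight checks to run before the keytool imports.
# Assumes the openssl CLI is on PATH; function names are hypothetical.

# Print a certificate's SHA-1 fingerprint in the colon-separated form
# keytool shows at the "Trust this certificate?" prompt.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2
}

# Succeed only if the signed reply ($2) verifies against the CA
# certificate ($1), i.e. a chain can be established from the reply.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Build constructed sample material in directory $1: two throwaway CAs
# (ca, other) and a client certificate signed by "ca" only.
make_sample() {
    d=$1
    cat >"$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    for ca in ca other; do
        openssl req -x509 -nodes -newkey rsa:2048 -config "$d/req.cnf" \
            -subj "/CN=Constructed $ca CA" -days 1 \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -nodes -newkey rsa:2048 -config "$d/req.cnf" \
        -subj "/CN=constructed client" -keyout "$d/client.key" \
        -out "$d/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -out "$d/client.cer" 2>/dev/null
}

# Demo on the constructed material: sh preflight.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && make_sample "$tmp" || exit 1
    echo "CA SHA1: $(cert_fingerprint "$tmp/ca.pem")"
    chain_ok "$tmp/ca.pem" "$tmp/client.cer" && echo "issuing CA: chain OK"
    chain_ok "$tmp/other.pem" "$tmp/client.cer" || echo "other CA: no chain"
    rm -rf "$tmp"
fi
```

Against real files, call chain_ok with the CA certificate file and client.cer as its two arguments before step 6.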

4.4.3 Windows OpenSSL.cnf File Example

This section contains the contents of the openssl.cnf file that can be used on Windows. Be sure to make the appropriate changes to the directories.

#

# SSLeay example properties file.

HTTPS eWay Adapter User’s Guide

Sun Microsystems, Inc.
