Manuals / Sun Microsystems / Computer Equipment / Network Cables

Sun Microsystems 5.1.1 manual SSL Handshaking

Models: 5.1.1

1 114

Download 114 pages 56.55 Kb

Page 33

Chapter 4	Section 4.3
Operating SSL	SSL Handshaking

<c:\JavaCAPS>\logicalhost\is\domains\<MyDomain>\config\cacert

s.jks

where <c:\JavaCAPS> is the directory where the Sun Java Composite Application Platform Suite is installed and <MyDomain> is the name of your domain. The primary tool used is keytool, but openssl is also used as a reference for generating pkcs12 KeyStores.

Notice that in the previous section, steps 2 and 3 were used to import two CAs into the TrustStore created in step 1. For example, suppose you have a trusted certificate file named: C:\trustedcerts\foo.cert and want to import it to the trustedcacertsjks TrustStore.

If you are importing certificates into an existing TrustStore, use:

keytool -import -file C:\cacerts\secondCA.cert -alias secondCA -keystore trustedcacertsjks

Once you are finished, trustedcacertsjks can be used as the TrustStore for the eWay.

4.3SSL Handshaking

There are two options available for setting up SSL connectivity with a Web server:

Server-side Authentication: The majority of eCommerce Web sites on the Internet are configured for server-side authentication. The eWay requests a certificate from the Web server and authenticates the Web server by verifying that the certificate can be trusted. Essentially, the eWay performs this operation by looking into its TrustStore for a CA certificate with a public key that can validate the signature on the certificate received from the Web server. This option is illustrated in Figure 9.

HTTPS eWay Adapter User’s Guide

33

Sun Microsystems, Inc.

Image 33

Sun Microsystems 5.1.1 manual SSL Handshaking

Contents

EWAY Https Adapter USER’S Guide Version Contents Http Settings Proxy Configuration Security Authentication Http OTD Method DescriptionsAdditional SSL Section Notes Verify hostname Server Mode Operation Connection Pool SettingsImplementing the Https eWay JCD Sample Projects Running the Sample Running the Sample in SSL ModeWhat’s in This Chapter About Http and HttpsAbout the Https eWay Http MessagesWeb Browser Cookies Sample Http Exchange in Client Mode GET and Post MethodsCookie Expiration Date Checking Body Html Sample Http Exchange in Server ModeSample Input Form What’s New in This ReleaseAbout This Document Intended Audience ScopeText Conventions Https eWay JavadocRelated Documents Sun Microsystems, Inc. Web SiteDocumentation Feedback Https eWay System Requirements Installing the Https eWayAfter you have installed eGate or eInsight, do the following Installing the Https eWay on an eGate supported systemExtracting the Sample Projects and Javadocs After InstallationSteps to extract the Javadoc include Steps to extract the Sample Projects includeInstall Java Caps Ican 5.0 Project Migration ProceduresExport the Project Import the ProjectInstalling Enterprise Manager eWay Plug-Ins To add plug-ins from the Enterprise Manager Viewing Alert CodesTo View the eWay Alert Codes Https eWay Alert CodesHTTPCLIENTEWAY-CONNECT Https Client OTD Overview of eWay OTDsHttp OTD Method Descriptions Https Server OTDInput Server Request Node Working with the Server OTD Input Server Response NodeSendResponse Example Collaboration ExampleOverview Operating SSLHttps eWay HackerGenerating a KeyStore and TrustStore KeyStores and TrustStoresKeyStores Creating a KeyStore in JKS FormatTo generate a KeyStore Creating a KeyStore in PKCS12 Format TrustStores Using an Existing TrustStoreCreating a TrustStore To create a new TrustStoreSSL Handshaking Client ServerEWay Server Web Client EWayCreating a Sample CA Certificate Using the OpenSSL UtilitySigning Certificates With Your Own CA # SSLeay example properties file Windows OpenSSL.cnf File ExampleChapter Section Operating SSL Using the OpenSSL Utility Copyright 1998-2001 The OpenSSL Project. All rights reserved Configuring the eWay Connectivity Map Properties Creating and Configuring the Https eWayTo configure the Https Server eWay properties To configure the Https eWay propertiesConnectivity Map with Components Server Configuring the eWay Environment PropertiesEWay Connectivity Map Properties To Configure the Environment PropertiesHttps eWay Configuration Sections Include Configuring the Connectivity Map Https eWay PropertiesHttps Server eWay Configuration Sections Include Http eWay-HTTP SettingsEWay Environment Properties Http Server eWay-HTTP Server External ConfigurationEnvironment Configuration-HTTP Settings Http SettingsEnvironment Configuration-Proxy Configuration Proxy ConfigurationSecurity Proxy passwordName Description Required Value Proxy Port Proxy UsernameAuthentication Environment Configuration-Security, AuthenticationEnvironment Configuration-Security, SSL Com.sun.net.ssl.internal.ssl.P Name Description Required Value Jsse Provider ClassRovider Com.ibm.jsse.IBMJSSEProvidVerify hostname Additional SSL Section NotesDescription Required ValuesConnection Pool Settings Environment Configuration-Connection Pool SettingsAdditional information Setting Acceptor Threads Property for Https Server Mode EInsight Engine and Components Implementing the Https eWay Bpel Sample ProjectsHttps eWay With eInsight Server Mode OperationReceive Business Rule Designer Output Nodes Node Name DescriptionReceive Business Rule Designer Output Nodes Importing a Sample Project About the Https eWay eInsight Sample ProjectsProject Overview Building and Deploying the prjHTTPClientBPEL Sample ProjectGET Command GetSample.xml Project OperationsInput and Output Data Creating a Project Post Command PostSample.xmlCreating the OTD Sample DTD MultipleDataIn.dtdOTD Wizard Selection Include DTDs to Selected List OTD Options Creating a Business ProcessLogic of the Business Process Business Process Cases To create a Business ProcessCase Activity Result Business Process Icons Client Business Process With Link Business Rules Client Business Rule Designer First Link Business Rule Business Rule Designer Second Link Business Rule Business Rule Designer Third Link Business Rule Business Rule Designer Case 1 Business Rule Business Rule Designer Case 2 Business Rule Decision Gate Properties Dialog Box Case To create a Connectivity Map Creating a Connectivity MapPopulating the Connectivity Map Selecting External ApplicationsDefining the Business Process To select external applicationsSteps required to bind eWay components together Binding the eWay ComponentsEnvironment Editor envHTTPClientBPEL Creating an EnvironmentConfiguring the Https eWay Properties Configuring the eWaysCmHTTPClient Inbound File eWay Settings CmHTTPClient Outbound File eWay SettingsCreating and Activating the Deployment Profile Configuring the Integration ServerCreate and Start the Domain Creating and Starting the DomainBuilding and Deploying the Project Running the SampleBuild the Project Building and Deploying the prjHTTPServerBPEL Sample Project ƒ postBPELHTTPS Content of postBPELHTTPS.html isServer Sample Project Original Form Project FormsServer Sample Project Input Form Next step is to create the Project’s Business Process Business Process Icons for Receive and Reply Business Process Icons With Server Business Rules Business Rule Designer Server Receive Business Rule Creating a Connectivity Map Connectivity Map With Components prjHTTPServerBPEL Creating an Environment ƒ postBPELHTTPS.html input file Running the Sample in SSL ModePermission java.util.PropertyPermission * read, write About the Https eWay JCD Sample Projects Implementing the Https eWay JCD Sample ProjectsBuilding and Deploying the prjHTTPClientJCD Sample Project Https eWay Sample Project Java Collaboration Based SampleIn DTD SampleIn.dtd Creating the Collaboration Definition Java JcdHTTPClient Collaboration Definition Part 101 Connectivity Map With Components prjHTTPClientJCD 103 ƒ Project Overview on Building and Deploying the prjHTTPServerJCD Sample Projectƒ postJCEHTTPS 106 107 JcdHTTPServer Collaboration Definition Connectivity Map With Components prjHTTPServerJCD 110 ƒ postJCEHTTPS.html input file 112 Index 114