Friday, February 4, 2011

[WSO2 ESB] Invoking a Web Service via HTTPS from a Proxy Service

1. Get the public certificate of the Web Service deployed over HTTPS

2. Import the certificate from step 1 into [ESB_HOME]/resources/security/client_truststore.jks

:\>keytool -import -file public_cert.crt -alias myservice -keystore client_truststore.jks

The default password is wso2carbon. You can use any name as the alias [e.g. myservice], and you need to replace public_cert.crt with the name of the certificate you obtained in step 1.

3. You may be using an IP address as the web service endpoint, or the CN of the certificate issued for the endpoint may not match its server URL. Either case can cause a host name verification error.

To overcome that, find the following in [ESB_HOME]/repository/conf/axis2.xml:

<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>

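Uncomment it and change it to the following. AllowAll switches host name verification off, so the ESB accepts any certificate trusted by client_truststore.jks, whichever host presents it: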

<parameter name="HostnameVerifier">AllowAll</parameter>

4. If the Web Service or its WSDL, or both, are enabled for mutual authentication, you need to export the public certificate of WSO2 ESB and import it into the trust store of the Web Service.

To export the ESB public certificate you can use the following.

:\>keytool -export -file esb_public_cert.crt -alias wso2carbon -keystore wso2carbon.jks

You can find wso2carbon.jks at [ESB_HOME]/resources/security/wso2carbon.jks and its default password is wso2carbon.

That's it..
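
For step 3, an added example (not part of the original post and not WSO2 code): a Python check that reports where an axis2.xml has HostnameVerifier set to AllowAll, so the setting can be located and reverted once the endpoint has a certificate that matches its URL. The sample XML, its transportSender layout and class names, and the function names are constructed assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not a real ESB file: the https sender has the parameter
# switched to AllowAll, the http sender still has it commented out.
SAMPLE_AXIS2_XML = """<axisconfig name="AxisJava2.0">
  <transportSender name="http" class="example.HttpSender">
    <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>-->
  </transportSender>
  <transportSender name="https" class="example.HttpsSender">
    <parameter name="non-blocking" locked="false">true</parameter>
    <parameter name="HostnameVerifier">AllowAll</parameter>
  </transportSender>
</axisconfig>"""


def active_hostname_verifiers(xml_text):
    """Return (section, value) for every HostnameVerifier parameter in effect."""
    # ElementTree drops XML comments, so a commented-out parameter
    # (the shipped state described in step 3) is not reported.
    root = ET.fromstring(xml_text)
    found = []
    for parent in root.iter():
        for param in parent.findall("parameter"):
            if param.get("name") == "HostnameVerifier":
                section = f'{parent.tag}[{parent.get("name", "")}]'
                found.append((section, (param.text or "").strip()))
    return found


def findings(xml_text):
    """Sections in which host name verification is switched off."""
    # Compared case-insensitively as a precaution (assumption: a differently
    # cased value is better flagged for review than silently skipped).
    return [section for section, value in active_hostname_verifiers(xml_text)
            if value.lower() == "allowall"]


if __name__ == "__main__":
    # Pass the path to axis2.xml as the first argument; without one the
    # constructed sample above is checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE_AXIS2_XML
    for section in findings(text):
        print(f"{section}: HostnameVerifier=AllowAll, server host name is not verified")
```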