Monday, October 17, 2016

How to enable HTTPS with AXIS 2

I've been using AXIS2 for a couple of months now and decided to take the HTTPS / SSL plunge. The following notes are guidelines on how I configured HTTPS with AXIS2.

I am using Tomcat 6, so firstly you need to enable HTTPS in Tomcat:
1) Create a keystore with the following command and enter the required values:
  keytool -genkey -alias tomcat -keyalg RSA -validity 365
2) Then copy the generated keystore file (by default keytool writes it to .keystore in your home directory) to a directory e.g. /usr/share/tomcat6/.keystore
3) Edit the Tomcat server.xml e.g. /etc/tomcat6/server.xml and add the following section inside the <Service name="Catalina"> tag

  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             keystorePass="yourkeystorepassword" keystoreFile="/usr/share/tomcat6/.keystore"
             clientAuth="false" sslProtocol="TLS" />
(replace yourkeystorepassword with the password you used in step 1)
4) Restart Tomcat and test that you can access Tomcat via HTTPS on port 8443 (you will get a certificate error in your browser as it's not a trusted certificate).

Now onto AXIS2:
5) I downloaded the axis2.war file.
6) Extract the war file with unzip to an empty directory.
7) Edit the WEB-INF/conf/axis2.xml file
8) Change this:
  <transportReceiver name="http"
                     class="org.apache.axis2.transport.http.AxisServletListener"/>
to this:
  <transportReceiver name="http"
                     class="org.apache.axis2.transport.http.AxisServletListener">
      <parameter name="port">8080</parameter>
  </transportReceiver>
  <transportReceiver name="https"
                     class="org.apache.axis2.transport.http.AxisServletListener">
      <parameter name="port">8443</parameter>
  </transportReceiver>
9) Now restart Tomcat and go to the HappyAxis page (https://localhost:8443/axis2/axis2-web/HappyAxis.jsp). You'll get an internal server error. This is because Tomcat does not have the keystore configured for AXIS2 to use.
I fixed this by adding the following JAVA_OPTS options:
  JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=\"/usr/share/tomcat6/.keystore\" -Djavax.net.ssl.trustStorePassword=\"yourkeystorepassword\""
(replace yourkeystorepassword with the password you used in step 1)
10) Check HappyAxis page and WSDL -> https://localhost:8443/axis2/services/Version?wsdl
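
Steps 3 and 8 only work together if every AXIS2 transportReceiver port points at a Tomcat connector of the same scheme. The following is an added example (not part of the original post) that checks this with Python's standard library; the XML samples are constructed from the snippets above, and the plain 8080 connector is an assumption based on Tomcat's default.

```python
import xml.etree.ElementTree as ET
# Constructed samples mirroring steps 3 and 8; the 8080 connector is assumed.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" keystoreFile="/usr/share/tomcat6/.keystore"
             keystorePass="yourkeystorepassword" clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""
LISTENER = "org.apache.axis2.transport.http.AxisServletListener"
AXIS2_XML = f"""<axisconfig>
  <transportReceiver name="http" class="{LISTENER}">
    <parameter name="port">8080</parameter>
  </transportReceiver>
  <transportReceiver name="https" class="{LISTENER}">
    <parameter name="port">8443</parameter>
  </transportReceiver>
</axisconfig>"""

def tomcat_ports(server_xml):
    """Map each Tomcat connector port to 'https' or 'http'."""
    ports = {}
    for c in ET.fromstring(server_xml).iter("Connector"):
        tls = c.get("SSLEnabled", "false").lower() == "true"
        ports[c.get("port")] = "https" if tls else "http"
    return ports

def axis2_ports(axis2_xml):
    """Map each AXIS2 transportReceiver name to its port (None if unset)."""
    out = {}
    for r in ET.fromstring(axis2_xml).iter("transportReceiver"):
        out[r.get("name")] = next(
            (p.text.strip() for p in r.iter("parameter")
             if p.get("name") == "port" and p.text), None)
    return out

def check(server_xml, axis2_xml):
    """List mismatches between AXIS2 receivers and Tomcat connectors."""
    tomcat, problems = tomcat_ports(server_xml), []
    for name, port in axis2_ports(axis2_xml).items():
        if port is None:  # step 8 sets a port on every receiver
            problems.append(f"{name}: no port parameter")
        elif port not in tomcat:
            problems.append(f"{name}: no Tomcat connector on port {port}")
        elif tomcat[port] != name:
            problems.append(f"{name}: port {port} is a Tomcat {tomcat[port]} connector")
    return problems

if __name__ == "__main__":
    print(check(SERVER_XML, AXIS2_XML) or "ok: receivers match connectors")
```

To run it against a real install, pass the contents of /etc/tomcat6/server.xml and WEB-INF/conf/axis2.xml to check() instead of the samples.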

All done no mess no fuss :)

