Client Key generation and exporting the public certificate
1) Generate the Self Sign certificate or
get the certificate from some vendor. We will discuss the steps to generate the
Self Sign certificates
A) Set the java class path to run the keytool
B) Use the below to generate the keys
C:\ identity>keytool
-genkey -alias tesclient -keyalg RSA -keystore SSKeystore.jks
Enter keystore password: XXXXX
Re-enter new password:
XXXXX
What is your first and last name?
[Unknown]: consumer
What is the name of your organizational unit?
[Unknown]: SOA
What is the name of your organization?
[Unknown]: MyCompany
What is the name of your City or Locality?
[Unknown]: Hillsborough
What is the name of your State or Province?
[Unknown]: NJ
What is the two-letter country code for this unit?
[Unknown]: US
Is CN= consumer, OU=SOA, O= MyCompany, L= Hillsborough,
ST=NJ, C=US correct?
[no]: yes
Enter key password for < tesclient >
(RETURN if
same as keystore password):
|
2) Export the public certificate and give to the
Service provider. Service provider should store this certificate in the trust.
C:\identity>keytool
-export -alias tesclient -file Client.crt
-keystoe SSKeystore.jks
Enter keystore
password:
Certificate stored in file <Client.crt>
|
Testing with SOAP UI
1) If you will try to print the WSDL of the secured
web service from Browser you will get the “Error 401—Unauthorized” as expected
2) If you try to add the WSDL from SOAP UI, you
will get the error in loading the WSDL
as expected as this is secured by client authentication.
3) In SOAP UI , navigate to
File->Preferences-> SSL Settings. Fill the below fields. Refer the link
for more description.
Keystore
|
Set the path of your keystore
C:\ identity\ SSKeystore.jks
|
Keystore Password
|
Enter the keystore password
XXXXX
|
Client
Authentication
|
Select
|
4) Now add the WSDL of the secured web service and
test service. You will get the required output.