
Showing posts with label SSL. Show all posts

Configuring Apache with Open SSL

Downloading Resources
1- Download the Apache Server build with SSL support from the following location:
http://mirror.cloudera.com/apache//httpd/binaries/win32/httpd-2.2.17-win32-x86-openssl-0.9.8o.msi
2- Download OpenSSL from the following location:
http://www.thompsonbd.com/files/apache/Openssl-0.9.7e-Win32.zip
Installing Apache
Install Apache Server with default settings and make sure no other application is using ports 80 and 443.

Installing OpenSSL
Unzip the file Openssl-0.9.7e-Win32.zip, copy the extracted folder to drive C and rename it to Openssl.
Certificate Generation
1- Navigate to Openssl folder using command line.
2- Execute the following:
  • openssl req -config openssl.cnf -new -out mycert.csr -keyout mycert.pem
  • openssl rsa -in mycert.pem -out mycert.key
  • openssl x509 -in mycert.csr -out mycert.cert -req -signkey mycert.key -days 365
Copy the .cert and .key files to C:\Program Files\Apache Software Foundation\Apache2.2\conf
Enable SSL on Apache
1- Open httpd.conf file available at C:\Program Files\Apache Software Foundation\Apache2.2\conf and uncomment the following lines by removing #:
  • #LoadModule ssl_module modules/mod_ssl.so
  • #Include conf/extra/httpd-ssl.conf
2- Open httpd-ssl.conf file available at  and enter certificate and key values as given below:
#   Server Certificate:
SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/mycert.cert"
#   Server Private Key:



Courtesy:http://abrarhashmi.wordpress.com/2011/01/09/configuring-apache-with-open-ssl/

How to enable JBoss 4.2 to connect to a SSL enabled DATABASE

You may need to make your database accept only SSL connections. In that case, put the appropriate datasource file into the deploy folder of your JBoss configuration. Make sure the URL you give for the database is the SSL one, not the plain one.


I used JBoss-eap-as 4.2 and Postgres8.1


Copy the datasource file from


jboss-eap-4.2\jboss-as\docs\examples\jca


Or in your case it could be

jboss-as\docs\examples\jca


Into the deploy folder of your configuration.


jboss-eap-4.2\jboss-as\server\default\deploy


or


jboss4.x\server\default\deploy


Provide the connection url, username and password :


In case of postgres url is :


jdbc:postgresql://ipaddress:5432/databasename?ssl=true&amp;sslfactory=org.postgresql.ssl.NonValidatingFactory


NOTE: Write the separator as &amp; with no spaces inside it, otherwise it will not work.


Remember that in this case there is no client-side authentication. If you want client-side authentication, you need a digital certificate issued by a certifying authority, or you can generate one yourself (I have explained how to generate a keystore in my previous post http://ravishbhupesh.wordpress.com/2008/05/06/enabling-ssl-on-jboss-2/ ).
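
A datasource file for the setup described above, as an added example that is not part of the original post. The JNDI names, user name and password are placeholders. The second definition is an assumption-based variant: it drops the sslfactory parameter so that the driver checks the server certificate against the JVM truststore, which requires that certificate (or its CA) to have been imported there.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: server\default\deploy\postgres-ds.xml.
     JNDI names and credentials are placeholders, not values from the post. -->
<datasources>

  <!-- As in the post: the connection is encrypted, but NonValidatingFactory
       accepts any server certificate, so the server's identity is not
       checked. Note the &amp; entity: a bare ampersand is not valid XML. -->
  <local-tx-datasource>
    <jndi-name>PostgresDS</jndi-name>
    <connection-url>jdbc:postgresql://ipaddress:5432/databasename?ssl=true&amp;sslfactory=org.postgresql.ssl.NonValidatingFactory</connection-url>
    <driver-class>org.postgresql.Driver</driver-class>
    <user-name>dbuser</user-name>
    <password>dbpassword</password>
  </local-tx-datasource>

  <!-- Validating variant (assumption, not from the post): without sslfactory
       the driver uses the default JSSE socket factory, which rejects a server
       certificate that does not chain to an entry in the JVM truststore. -->
  <local-tx-datasource>
    <jndi-name>PostgresValidatedDS</jndi-name>
    <connection-url>jdbc:postgresql://ipaddress:5432/databasename?ssl=true</connection-url>
    <driver-class>org.postgresql.Driver</driver-class>
    <user-name>dbuser</user-name>
    <password>dbpassword</password>
  </local-tx-datasource>

</datasources>
```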




Courtesy:http://ravishbhupesh.wordpress.com/2008/05/06/connect-to-ssl-enabled-database-via-jboss/

How to enable SSL on JBoss 4.2

I am going to explain how to enable JBoss to accept SSL connection and also how to make JBoss to connect to a database which only accepts SSL connections.


I am using JBoss-eap-4.2 and Postgres8.1


My Postgres is configured to accept only SSL connections.


First, let's enable SSL for JBoss.


JBoss uses the Java Secure Socket Extension (JSSE) for SSL. To start, we need a public key/private key pair in the form of an X509 certificate for use by the SSL server sockets. Let us create a self-signed certificate using the JDK keytool. It is created using the following command and input:


keytool -genkey -keystore "NAME_OF_YOUR_KEYSTORE" -storepass "STOREPASS_OF_YOUR_KEYSTORE" -keypass "KEYPASS_OF_YOUR_KEYSTORE" -keyalg RSA -alias "ALIAS_OF_YOUR_KEYSTORE" -validity 3650 -dname "cn=myKeystore,ou=jboss admin,dc=jboss,dc=org"


"NAME_OF_YOUR_KEYSTORE" = myKeystore.keystore


"ALIAS_OF_YOUR_KEYSTORE" = myKeystore


"STOREPASS_OF_YOUR_KEYSTORE" = rmi+ssl


"KEYPASS_OF_YOUR_KEYSTORE" = rmi+ssl


Finally it is :


keytool -genkey -keystore myKeystore.keystore -storepass rmi+ssl -keypass rmi+ssl -keyalg RSA -alias myKeystore -validity 3650 -dname "cn=myKeystore,ou=jboss admin,dc=jboss,dc=org"


You can view your keystore file, if you want to, using this command:


keytool -list -v -keystore myKeystore.keystore


Then copy the keystore file into the conf directory of your JBoss configuration.


jboss-eap-4.2\jboss-as\server\default\conf


in your case it could be


jboss4.x\server\default\conf


Now open the server.xml file in the following directory:


jboss-eap-4.2\jboss-as\server\default\deploy\jboss-web.deployer


in your case it could be


jboss4.x\server\default\deploy\jboss-web.deployer


uncomment this block






–>


And add these things





And it is done. Now start JBoss and open the URL


https://ipaddress:8443 or https://localhost:8443


and it's done.
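
An HTTPS connector definition matching the steps above, as an added example rather than the original post's listing. The attribute set is an assumption based on the standard Tomcat-style connector used by JBoss Web; the keystore file name and password are the ones given to keytool earlier in the post. The plain HTTP connector on port 8080 is shown commented out.

```xml
<!-- Added example: fragment of
     server\default\deploy\jboss-web.deployer\server.xml, placed inside the
     Service element. Not the original post's listing. -->

<!-- Plain HTTP connector on 8080. Commented out here so that 8443 is the
     only web entry point. Attribute values are illustrative. -->
<!--
<Connector port="8080" address="${jboss.bind.address}"
           protocol="HTTP/1.1" redirectPort="8443"
           connectionTimeout="20000" />
-->

<!-- HTTPS connector on 8443, uncommented, with the keystore attributes added.
     keystoreFile points at the file copied into the conf directory;
     keystorePass is the -storepass value given to keytool.
     clientAuth="false" means the server does not ask browsers for a
     client certificate. -->
<Connector port="8443" address="${jboss.bind.address}"
           protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${jboss.server.home.dir}/conf/myKeystore.keystore"
           keystorePass="rmi+ssl" />
```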


If you don’t want to access your jboss server via 8080 port then you need to disable the connector 8080 in the server.xml file located at




Courtesy:http://ravishbhupesh.wordpress.com/2008/05/06/enabling-ssl-on-jboss-2/

Why SSL is not the right option for web service security?

Security for web services is not always straightforward…

This post primarily discusses the reasons why SSL (Secure Socket Layer) is not the best fit for ensuring web service security. SSL works at the transport layer, most commonly as HTTPS.

* Web services need end-to-end security, whereas SSL provides point-to-point security. While passing through SSL, the message has to pass through multiple intermediaries that might not have enough security protection policies enforced! These intermediaries might pose a threat by compromising the integrity and confidentiality of the message.
* SSL doesn’t support non-repudiation. For a definition of non-repudiation, you can search the web.

* SSL provides security only over the transport layer but not at the message level
* If you want to encrypt credit card information or sign a particular portion of the SOAP message, then SSL is not the right option



Courtesy:http://dailyraaga.wordpress.com/