I am creating some proxy services to a Web-Services which have the restriction that all connection must be secured (over https).
After doing some configuration changes on the WSO2Server I could finally create sucessfully those proxy services. The connection between the client and the final Web-Service through WSO2Esb it is ok, but the connection is very slow.
To dischard network problems we allow requests over http with a very good performance. To sum up, the same client request over http lasts less than 1 second and if we do it over https lasts 20 seconds more or less.
Other test done to try to understand where is the problem: I did requests over https directly to the end Web Service without passing through WSO2ESB. In this case the https performace is very good to (quite similar as if the request has been done through http).
So the problem could be in some part of the WSO2ESB server configuration. Always the first https request lasts the same (20 seconds), and If I do more than one the following lasts less than 1.5 second. So the problem could be some kind of timeout doing something related to the ssl connection.
More useful information:
wso2server version: 4.8.1
Java versions tested: 1.7.0_45 and 1.8.0_60
Added parameter in CARBON_HOME/bin/wso2server.sh: -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
Tomcat connector configuration from CARBON_HOME/repository/conf/tomcat /catalina-server.xml:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8888"
bindOnInit="false"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
maxHttpHeaderSize="8192"
acceptorThreadCount="2"
maxThreads="250"
minSpareThreads="50"
disableUploadTimeout="false"
enableLookups="false"
connectionUploadTimeout="120000"
maxKeepAliveRequests="200"
acceptCount="200"
server="WSO2 Carbon Server"
clientAuth="false"
compression="on"
scheme="https"
secure="true"
SSLEnabled="true"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="..."
URIEncoding="UTF-8" />
Maybe I missed something in axis2.xml configuration file ($CARBON_HOME/repository/conf/axis2/axis2.xml)?. Here is the part related to:
TransportReceiver (https part):
<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
<parameter name="port" locked="false">8443</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="bind-address" locked="false">XXX.XXX.XXX.XXX</parameter>
<parameter name="WSDLEPRPrefix" locked="false">https://XXX.XXX.XXX.XXX:8443</parameter>
<parameter name="httpGetProcessor" locked="false">org.wso2.carbon.transport.nhttp.api.PassThroughNHttpGetProcessor
<parameter name="SSLProtocol">TLSv1.2</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>repository/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>XXX</Password>
<KeyPassword>XXX</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>repository/resources/security/client-truststore.jks</Location>
<Type>JKS</Type>
<Password>XXX</Password>
</TrustStore>
</parameter>
</transportReceiver>
TransportSender (https part):
<transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
<parameter name="non-blocking" locked="false">true
<parameter name="SSLProtocol">TLSv1.2</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>repository/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>XXXX</Password>
<KeyPassword>XXXX</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>repository/resources/security/client-truststore.jks</Location>
<Type>JKS</Type>
<Password>XXXXX</Password>
</TrustStore>
</parameter>
<parameter name="HostnameVerifier">AllowAll</parameter>
</transportSender>
PROBLEM SOLVED.
The low performance SSL problem was caused by a restriction in the network firewall. The firewall was blocking the connections to the DNS server, so WSO2ESB couldn't validate properly the client certificate and the client hostname.
After having added a new rule in the firewall the SSL performance of the WSO2ESB is quite good.
Thank you.
Related
Maybe this question already has but I think there is a different situation.
I configure all required things from the web config file and install certificates.
I consume java web service in ASP.NET WEB API.
SOAP service was configured mutual authentication. (Two-way SSL)
I have 2 Keystore files. (client.jks and truststore.jks)
My full error: This could be due to the fact that the server certificate is
not configured properly with HTTP.SYS in the HTTPS case.
This could also be caused by a mismatch of the security binding between
the client and the server.'
WebConfig:
<customBinding>
<binding name="MyBinding">
<textMessageEncoding messageVersion="Soap11"/>
<security authenticationMode="MutualCertificate" enableUnsecuredResponse="true" allowSerializedSigningTokenOnReply="true"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
includeTimestamp="false">
</security>
<httpsTransport />
</binding>
</customBinding>
<endpoint behaviorConfiguration="ClientCredentialsBehavior" address="https://abc.bank.dm:9193/Money/Money" binding="customBinding" bindingConfiguration="MyBinding" contract="Ref.Port" name="Port">
<identity>
<dns value="test"/>
</identity>
</endpoint>
<behaviors>
<endpointBehaviors>
<behavior name="ClientCredentialsBehavior">
<clientCredentials>
<clientCertificate findValue="2d73n94087857dndyr874ydr"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindByThumbprint" />
<serviceCertificate>
<defaultCertificate findValue="d346n32d48938w43d943095d"
storeLocation="CurrentUser"
storeName="TrustedPeople"
x509FindType="FindByThumbprint" />
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
Try to specify the same protocol on the client and server. Add the following code in the client:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
Here is the reference: TLS 1.2
Please look into my server.xml;
I am not able to redirect port 8019 to https (port 443). I tried various examples on the web but I still cannot get it working. Could anyone help me with what is wrong with my server.xml?
<Connector port="8019" protocol="HTTP/1.1"
connectionTimeout="100000"
redirectPort="443" />
<Connector port="443" maxHttpHeaderSize="8192" SSLEnabled="true"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true" clientAuth="false"
keystoreFile="C:\zenfortecertificate\3_zensar_com.pfx" keystorePass="[my password]" keystoreType="PKCS12"
sslEnabledProtocols="TLSv1.2"
ciphers="TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"/>
<Connector port="8019" protocol="AJP/1.3" redirectPort="443" />
<Engine name="Catalina" defaultHost="zenforte-stg.zensar.com">
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
[...]
</Host>
<Host name="zenforte-stg.zensar.com" appBase="zen_webapps"
unpackWARs="true" autoDeploy="true"/>
</Engine>
There are a few problems with your server.xml. Some of them have to do with your actual question, others are just things you might want to think about.
First, you have two <Connector> elements on the same port (8019):
<Connector port="8019" protocol="HTTP/1.1" connectionTimeout="100000" redirectPort="443" />
and
<Connector port="8019" protocol="AJP/1.3" redirectPort="443" />
So the first thing to do is to pick a connector and remove the other one. If you want to use the AJP protocol with your reverse-proxy or load balancer, then keep the AJP one. Otherwise, use the HTTP one.
The key to redirecting HTTP -> HTTPS is the redirectPort in your non-secure <Connector> (on port 8019, whichever one AJP/HTTP you choose). But the redirect doesn't happen unless your application asks for it. In order to do that, you need this in your application's WEB-INF/web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Everything</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
This tells the container (Tomcat) that the application expects "confidential" communication and it will automatically redirect any non-confidential (i.e. insecure) requests to the confidential (i.e. encrypted) protocol on the other port (https/443).
Some other considerations:
Your connectionTimeout of 100 seconds is a long time. You probably want that to be much lower otherwise clients can tie-up your server without accomplishing any work.
Your <Connector> contains all of your secure configuration. Modern Tomcats use a <SSLHostConfig> for all that configuration. This suggests an old configuration with a new server or, worse, an old server. You should try to upgrade to the latest server and use the latest configuration style. The newer configuration style gives you greater control over the configuration and makes it clearer what is happening. (For example, if you want to use RSA + ECDSA, the configuration is more explicit using <SSLHostConfig> + <Certificate> than just specifying the keystore and hoping for the best.
If you aren't using the "localhost" <Host> in your configuration, remove it. Even better, if you don't have any other <Host>s defined, just allow the "localhost" one to cover everything. This makes your configuration less customized from the default, and therefore you have fewer changes to maintain from the stock server.xml.
Specifying disableUploadTimeout="true" doesn't have any effect unless you also specify connectionUploadTimeout
I am currently trying to run Tomcat 7.0.8 (using port 8080) with jre1.6 on Window Server 2008 R2
I can open localhost:8080 without any problem. However, I cannot access tomcat using IP address (i.e. [ipaddress]:8080/), neither from the computer itself or from other computer. It seems to load until timeout and result in "Internet Explorer cannot display the webpage"
I have tried to add new rule to inbound rules of firewall to allow the connection of port 8080
I have also tried to disable the firewall but with no luck
Changing the port to 80, 9090... still cannot work
I have also tried Tomcat 6 and 8 with jre1.6 and jre 1.7 but get the same result
I have check with netstat and able to find the port 8080 in listening state
C:\Users\Administrator>netstat -ano | findstr "8080"
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 540
TCP [::]:8080 [::]:0 LISTENING 540
Here is the server.xml
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" address="0.0.0.0" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
Am I still missing something in order to make it work??
Any help would be appreciated. Thank you.
I recently did this.
Without editing the server.xml I port forwarded the tomcat port on my router and ensured I included the local port. My router configuration looked something like this:
+--------------+-------------+----------------+-------------+-----------+
| SERVICE NAME | PORT RANGE | LOCAL IP | LOCAL PORT | PROTOCOL |
+--------------+-------------+----------------+-------------+-----------+
| | | | | |
| Tomcat | 8084 | 192.168.1.237 | 8084 | BOTH |
+--------------+-------------+----------------+-------------+-----------+
Because we don't know your firewall setup you'll have to make sure nothing else is blocking including anti virus software and any hardware configuration.
I am running a web application on my local tomcat 7.50 server.
The operating system is Mac OS Mavericks.
The web application can be easily access from all computers in the same house if I use the local ip address (for example 192.168.2.153:8089).
The problem is that I cannot access the web application by using the public ip of the machine that runs the Tomcat 7.50 server.
Here is the server.xml file of the tomcat server :
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8089" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
useIPVHosts="true" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8089" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
useIPVHosts="true" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
You need to set up something known as Port Forwarding through your route (where the server is hosted): Look here: http://www.wikihow.com/Set-Up-Port-Forwarding-on-a-Router
Be careful because you will be making your computer accessible through the internet.
Also your home ip address in most cases is dynamic (changes from time to time) so make sure you are using the correct ip to access the server. Check out http://www.noip.com/ for a manager ip address.s
You need to assign a public IP (like 119.56.1.78) and you need fo convince your ISP to route traffic bearing that IP to your system. The first part is trivial... use
ip addr add 119.56.1.78 dev eth0
to add that IP to the systemm and use
ip addr del 119.56.1.78 dev eth0
to remove it. Choose the correct IP and interface (maybe not eth0)
As for the second part - not so easy, and don;t try the first part till you get the IP assigngment.
Do you have a home-router - or one built into your ISP modem ? If so it may b assigned that IP. You might remove the router and expose your server to the WAN - BUT there are security issues to consider.
You might configure your local router to forward port 9090 to your local system, (192.168.1.1) and NOT add asecondary IP at all. But without more info no one can guess how.
yes my application server runs on https. Client is asking to change the soap address from http to https.
client is asking that whenever he want 2 see the wsdl through broswer the soap address should come as https
i already added this in axis2.xml...
<transportReceiver name="https" class="org.apache.axis2.transport.http.SimpleHTTPServer"> <parameter name="port">8443</parameter>
</transportReceiver>
I added the below in service.xml
<transports> <transport>HTTPS</transport> </transports>
after the closed tag, but it give me below error.
it gives me exception
org.apache.axis2.deployment.DeploymentException: Service [ RTAPDevService] is trying to expose in a transport : <transports> <transport>HTTPS</transport> </transports> and which is not available in Axis2 –
There is a typo in service.xml. It should be :
<transports><transport>https</transport></transports>
not HTTPS.
Your wsdl will look like this:
<wsdl:service name="SampleService">
<wsdl:port name="SampleServiceHttpsSoap11Endpoint" binding="ns:SampleServiceSoap11Binding">
<soap:address location="https://localhost:8443/Axis2HttpsProject/services/SampleService.SampleServiceHttpsSoap11Endpoint/"/>
</wsdl:port>
<wsdl:port name="SampleServiceHttpsSoap12Endpoint" binding="ns:SampleServiceSoap12Binding">
<soap12:address location="https://localhost:8443/Axis2HttpsProject/services/SampleService.SampleServiceHttpsSoap12Endpoint/"/>
</wsdl:port>
<wsdl:port name="SampleServiceHttpsEndpoint" binding="ns:SampleServiceHttpBinding">
<http:address location="https://localhost:8443/Axis2HttpsProject/services/SampleService.SampleServiceHttpsEndpoint/"/>
</wsdl:port>
</wsdl:service>
And one thing more,make sure you have added http-core jar.
This is what I did:
Create a certificate
keytool -genkey -alias localhost -keypass password -keystore /choose/a/path/localhost.bin -storepass password -keyalg RSA
Enabling SSL on server side for AXIS2 in tomcat
Add the following in Server.xml of tomcat:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/choose/a/path/localhost.bin"
keystorePass="password" keyAlias="localhost"/>
Change axis2.xml
(You can use both: http and https)
<transportReceiver name="http"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8080</parameter>
</transportReceiver>
<transportReceiver name="https"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8443</parameter>
</transportReceiver>
Hope it helps.
In the standalone.xml i did those changes:
<subsystem xmlns="urn:jboss:domain:webservices:1.2">
<modify-wsdl-address>true</modify-wsdl-address>
<wsdl-host>jbossws.undefined.host</wsdl-host>
<wsdl-port>443</wsdl-port>
<endpoint-config name="Standard-Endpoint-Config"/>