Wednesday, February 01, 2006

Using Taverna to run a HTTPS web service


The steps below outline how to run a web service over HTTPS (HTTP-SSL) using Taverna.

1. Make sure the initial setup is in place. This involves:

  • Installing Axis 1.3
  • Installing Tomcat (latest version) and configuring Axis to run on Tomcat
  • Installing Taverna

2. Configure Tomcat to run on SSL

For details, refer to the below link.

http://tomcat.apache.org/tomcat-4.0-doc/ssl-howto.html

The following steps suffice when using the default path and password. This assumes that JDK 1.5 or above is already installed.

  • Create a certificate keystore:

Run %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA and enter the options as shown below.

C:\Program Files\Java\jdk1.5.0_06\bin>keytool -genkey -alias tomcat -keyalg RSA

keystore password: changeit

What is your first and last name? [Unknown]: localhost (note : this should be localhost for dev testing purposes)

What is the name of your organizational unit? [Unknown]: IUB

What is the name of your organization? [Unknown]: IUB

What is the name of your City or Locality? [Unknown]: BL

What is the name of your State or Province? [Unknown]: IN

What is the two-letter country code for this unit? [Unknown]: US

Is CN=localhost, OU=IUB, O=IUB, L=BL, ST=IN, C=US correct? [no]: y

This creates a .keystore file in the user's home directory.

Note: If a keystore was created earlier with the alias tomcat, that entry must be deleted before executing the above command.

%JAVA_HOME%\bin\keytool -delete -alias tomcat -keypass changeit

  • Edit the Tomcat server.xml file ($CATALINA_HOME/conf/server.xml) to uncomment the SSL element completely.
  • Test SSL by opening a browser and going to https://localhost:8443. This should bring up the Tomcat page.

3. Create a certificate: A certificate should be exported from the browser. The steps below use IE.

  • On the security alert screen click on View Certificate

  • The certificate can be viewed. Click on the 'Details' tab

  • On the Details tab, click 'Copy To File'

  • Click next on the certificate manager export wizard

  • Select a format

  • Export the certificate by entering the name of the .cer file and location

  • Click on Finish

  • Import this certificate using the command below

C:\...JRE..\bin\keytool -keystore C:\jre\lib\security\cacerts -import -file c:\mycert.cer

Enter keystore password : changeit

Next, the owner and issuer details are displayed. Verify that CN=localhost.

Type 'y' in the prompt - Trust this certificate [no] :

The final message must be 'Certificate was added to keystore'.

Note: If an import was done earlier, delete that alias before importing:

C:\JAVA_HOME\bin>keytool -keystore "C:\jre1.5.0_06\lib\security\cacerts" -delete -alias mykey

Enter keystore password: changeit

4. Start Taverna and add a new WSDL scavenger with the WSDL URL of the web service on HTTPS.

The 'add new WSDL scavenger' step should complete successfully and it should appear in the list of processes.

5. Run the workflow and check for the success message.
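
The import from step 3 can be checked before Taverna is started in step 4. The program below is an added example, not part of the original post: it connects to the Tomcat URL through the JRE's default trust store and reports whether the certificate is trusted and under which alias it is stored. The class name CheckTrust is hypothetical, and the code assumes the trust store is lib/security/cacerts under java.home with the default password used above.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;

// Added example, not from the original post. Run it with the same JRE that
// starts Taverna: java CheckTrust https://localhost:8443/
public class CheckTrust {
    public static void main(String[] args) throws Exception {
        String url = args.length > 0 ? args[0] : "https://localhost:8443/";
        File cacerts = new File(System.getProperty("java.home"), "lib/security/cacerts");
        System.out.println("Trust store of this JRE: " + cacerts);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        try {
            conn.connect(); // handshake: the chain must be trusted and the name must match
            X509Certificate cert = (X509Certificate) conn.getServerCertificates()[0];
            System.out.println("Trusted. Subject: " + cert.getSubjectX500Principal().getName());
            System.out.println("SHA-256: " + fingerprint(cert));
            System.out.println("Alias in cacerts: " + aliasOf(cert, cacerts));
        } catch (SSLException e) {
            // Typical causes: certificate imported into another JRE, or CN not matching the host
            System.out.println("NOT trusted by this JRE: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }

    // Colon-separated hex digest of the DER-encoded certificate
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // Alias under which the certificate is stored, or null if it is not an entry.
    static String aliasOf(X509Certificate cert, File store) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, "changeit".toCharArray()); // default password used in the post
        }
        return ks.getCertificateAlias(cert);
    }
}
```

If the program prints "NOT trusted" while the keytool import reported success, compare the trust store path it prints with the path given to -keystore in step 3.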
