I want config SSL with restTemplate but all the examples that we are searched, use httpClient. Now i want config without httpClient.
Related
I'm developing a django web app which runs on a gunicorn-nginx local server.
I've followed this digitalocean guide to setup the web app but I don't understand how to create a ssl certificate and use it without having a domain name.
I've found a lot of guides but none of them specify how to enable HTTPS without a domain and using a local IP.
How can I make this happen?
One way would be to create a self-signed certificate using openssl (How to generate a self-signed SSL certificate using OpenSSL?). But these certificates will not have the security layer provide by CA certificate providers.
Once you have a certificate, then you can run the gunicorn server in HTTPS mode by providing the certificate and the key (Running gunicorn on https?)
I have generated a JAX-WS web service with RAD 8.5 which automatically generated an endpoint for the service at "http:endpoint". I generated a client for the web service from the WSDL and added transport security (SSL) to the web service and added a secure endpoint using the following line of code in my client:
proxy._getDescriptor().setEndpoint("https:endpoint");
Everything seems to work fine. My question is do I need to do anything about the existence of the original endpoint ant "http:endpoint". This is an in-house web service so all of the apps which use it in house will use the secure endpoint, but is the availability of the unsecure endpoint a security risk for the web service? If so, what do I need to do to fix it? Any help would be appreciated.
I am not familiar with the Framework you are using, but there should be a configuration in your proxy to not allow http calls at all. If you have that option, turn it on so that your service only listens on port 443 (secure port).
An alternative would be to rewrite all http requests with https.
in wso2 esb i want to add a https proxy service and but when in define proxy service in specity source url use https://... in test url get error :
Invalid WSDL URI (Unable to establish a connection)
and in next step in definr endpoint use of an endpoint https:// ... this error apear :
Unable to validate SSL Certificate of https://....
i try to certificate a crt file and in my https proxy service in wso2\repository\resources\security\client-truststore.jks with keytool
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
and enable https transport sender and recsiever in axis2.xml but my problem do not solve.
I guess, you are trying to connect to a HTTPS endpoint using proxy service. Here you want to import the endpoint server's certificate chain in the the "client-truststore.jks" flie and restart the server. However; by default HTTPS transport sender and receiver are enabled. You may not need to enable them.
But few things to remember..
In transport sender, if you do NOT want to verify the host name of the end point server with its certificate, Please configure "HostnameVerifier" property to "AllowAll". If not, if your end point server's IP and certificate CN are not matched, It would create some errors.
If end point server's certificate is a self signed on, you can just import the server's certificate. If it is a CA singed on, You need to import all the CA certificate chain.
(However most common CA certificates can be found in the "client-truststore.jks" file)
If you want to change the trust store or key store files, you can do it using transport sender configurations. By default trust store file is "client-truststore.jks" Also, if you did any changes to axis2.xml file or key stores, Please restart the server.
Also If you want to expose your proxy service using SSL, you need to enable the "https" in the proxy service. And then your client needs to user ESB server's certificate to call the proxy service.
I need to add SSL to several Node.js services, each of one is listening on its own port, and that have NGINX to map them to our public "api" domain.
Due to the release of a new security policy now all services must be enforced to only work on SSL connections.
Since I'm not used to work with SSL certificates it's not clear to me what can be the advantage of setting the SSL on NGINX and make NGINX itself to proxy-pass to a http:// connection or have the real node.js endpoint to be a SSL server and (then proxy-pass to https://).
I guess with the NGINX solution, I could re-use the same SSL cert adding it to our "api" domain, while each different SSL node server would need a different cert.
Then it's not clear to me if into a production environment like this I should be using self-signed certificates (since the endpoint is touched through other services) or if it should be a CA trusted certificate exactly like it should be a public domain.
What am I missing in this considerations?
I assume the NGINX is public facing, and the nodejs services are internal (ie. not accessed directly by public web users).
You would only secure the connection between the public web to your NGINX. The transport between the NGINX and the NodeJS services is internal, and doesn't need to be secured. it's a big waste of CPU.
For the NGINX you buy a certificate from a valid certificate authority. For internal services you may use self-signed (ie. your own internal certificate authority generated certificates), but as said above, you shouldn't need to use SSL internally.
Are there any special configuration settings you have to do to make a web service work with SSL?
Is there a way to force the service methods to authenticate using a username/password like I can do with a WCF service?
No. SSL support provided by web server (IIS).
Yes. Just configure authentication through web.config