Configuring SSL in various applications and environments,
including Mule, Mule with JAX-WS, Tomcat, JBoss, and Spring Boot microservices
for B2B (Business-to-Business) and M2M (Machine-to-Machine) projects, involves
generating and configuring keystores and truststores. Here’s how you can
achieve this:
1. MuleSoft
Keystore and Truststore Configuration
- Generate
Keystore:
bash
# Create the Mule server identity: a 2048-bit RSA key pair plus a self-signed
# certificate in a PKCS12 store, valid for 3650 days (ten years). keytool prompts
# for the store password and the subject DN; use the host name clients will
# connect to as the CN.
keytool -genkeypair -alias mulekey -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore keystore.p12 -validity 3650 |
- Generate
Truststore:
bash
# Build a dedicated truststore containing only the peer certificate mycert.crt,
# so outbound TLS trusts exactly that certificate (or CA) rather than the JDK
# default set. keytool may ask you to confirm trust and prompts for a password.
keytool -importcert -file mycert.crt -alias mulecert -keystore truststore.jks |
- Configure
MuleSoft Application:
In your Mule configuration file (e.g., mule-config.xml):
Xml
<!-- TLS context shared by HTTP listeners/requesters: the key-store holds this
     application's private key and certificate, the trust-store the peer
     certificates (or CAs) it will accept. -->
<tls:context name="tlsContext">
  <!-- NOTE(review): on a listener, a configured trust-store is what drives
       client-certificate (mutual TLS) validation; confirm for your Mule version. -->
  <tls:trust-store path="truststore.jks" password="your_password"/>
  <!-- Literal passwords here end up in version control; source them from a
       protected property placeholder instead. -->
  <tls:key-store path="keystore.p12" keyPassword="your_password" type="PKCS12"/>
</tls:context>
<!-- host="0.0.0.0" binds every network interface; narrow it if the HTTPS
     endpoint should not be reachable from all of them. -->
<http:listener-config name="httpsListenerConfig" host="0.0.0.0" port="8443" basePath="/">
  <http:tls-context-ref ref="tlsContext"/>
</http:listener-config>
<!-- Minimal flow: requests to /secure arrive over TLS and receive a fixed reply.
     Nothing here authenticates the caller; "secure" refers to transport only. -->
<flow name="sslFlow">
  <http:listener config-ref="httpsListenerConfig" path="/secure"/>
  <set-payload value="This is a secure endpoint"/>
</flow> |
2. Mule with JAX-WS
Keystore Configuration
- Generate
Keystore:
bash
# Client identity for the WS Consumer: RSA-2048 key pair with a self-signed
# certificate (3650 days). No -storetype is given, so the JDK default store type
# applies (JKS on older JDKs, PKCS12 from JDK 9 onward).
keytool -genkeypair -alias mule-jaxws -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650 |
- Configure
Mule JAX-WS:
In your Mule configuration file (e.g., mule-config.xml):
xml
<!-- WS Consumer calling an HTTPS SOAP service. NOTE(review): whether the keystore
     under ws:security provides the transport client certificate or message-level
     WS-Security keys depends on the connector version; confirm before relying on
     it. Server-certificate validation (a truststore) is not shown in this snippet. -->
<ws:consumer-config name="WSConsumer" wsdlLocation="path/to/wsdl" port="PortName" service="ServiceName" serviceAddress="https://your-service-endpoint">
  <ws:security>
    <!-- Literal password; prefer an externalized, protected property. -->
    <ws:keystore path="keystore.jks" password="your_password"/>
  </ws:security>
</ws:consumer-config>
<flow name="jaxwsFlow">
  <ws:consumer config-ref="WSConsumer" operation="operationName"/>
</flow> |
3. Apache Tomcat
Keystore Configuration
- Generate
Keystore:
bash
# Tomcat server identity: RSA-2048 key pair and self-signed certificate, valid
# 3650 days. The store is referenced from server.xml as conf/keystore.jks, so
# generate it in (or move it to) Tomcat's conf directory and restrict its permissions.
keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650 |
- Configure
Tomcat:
Edit the server.xml file in the conf directory:
xml
<!-- JSSE HTTPS connector on 8443. keystorePass is stored in clear text; keep
     server.xml readable only by the Tomcat user or externalize the secret. -->
<!-- clientAuth="false": callers are not asked for a certificate. For M2M links
     where the caller must prove its identity, set "true" (require) or "want"
     (optional) and point truststoreFile at the trusted client CA. -->
<!-- NOTE(review): on Tomcat 8.5+ this attribute style still works, but the nested
     SSLHostConfig/Certificate form is the documented one; confirm the target version. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true"
           scheme="https" secure="true" keystoreFile="conf/keystore.jks"
           keystorePass="your_password" clientAuth="false" sslProtocol="TLS"/> |
4. JBoss/WildFly
Keystore Configuration
- Generate
Keystore:
bash
# WildFly server identity: RSA-2048 key pair and self-signed certificate, valid
# 3650 days. standalone.xml resolves jboss.keystore relative to
# jboss.server.config.dir, so place the file there.
keytool -genkeypair -alias jboss -keyalg RSA -keysize 2048 -keystore jboss.keystore -validity 3650 |
- Configure
WildFly:
Edit the standalone.xml file in the standalone/configuration
directory:
xml
<!-- Legacy (pre-Elytron) security realm. The keystore under server-identities is
     the server certificate; the truststore under authentication presumably holds
     the CAs accepted for certificate-based client authentication. Both passwords
     are literal here; WildFly can hold them in its vault / credential store instead. -->
<security-realm name="UndertowRealm">
  <server-identities>
    <ssl>
      <keystore path="jboss.keystore" relative-to="jboss.server.config.dir" keystore-password="password"/>
    </ssl>
  </server-identities>
  <authentication>
    <truststore path="truststore.jks" relative-to="jboss.server.config.dir" keystore-password="password"/>
  </authentication>
</security-realm>
<!-- Bind the HTTPS listener to the realm; the "https" socket-binding supplies the port. -->
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
  <server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
  </server>
</subsystem> |
5. Spring Boot Microservices
Keystore Configuration
- Generate
Keystore:
bash
# Spring Boot server identity in PKCS12 form (the type application.properties
# declares): RSA-2048 key pair with a self-signed certificate valid 3650 days.
# The alias "mykey" must match server.ssl.key-alias.
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore keystore.p12 -validity 3650 |
- Configure
Spring Boot Application:
Add the following properties to your application.properties
or application.yml file:
properties
# With server.ssl.* set, the embedded server serves HTTPS (and only HTTPS) on server.port.
server.port=8443
# classpath: means the store is packaged inside the artifact; mind who can read that artifact.
server.ssl.key-store=classpath:keystore.p12
# Keep the password out of version control: inject it from an environment variable or external config.
server.ssl.key-store-password=your_password
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=mykey
|
Or in application.yml:
yaml
# YAML form of the same server.ssl.* settings.
server:
  port: 8443
  ssl:
    key-store: classpath:keystore.p12
    # Supply the password from an externalized source rather than committing it.
    key-store-password: your_password
    key-store-type: PKCS12
    key-alias: mykey
|
Example Java Code for Spring Boot Microservice
java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Boot entry point. With the server.ssl.* properties in place, the embedded
 * server exposes this application over HTTPS on the configured port.
 */
@SpringBootApplication
public class SslExampleApplication {

    public static void main(String[] args) {
        SpringApplication.run(SslExampleApplication.class, args);
    }
}

/**
 * Single GET endpoint under /secure returning a fixed greeting. "Secure" refers
 * only to the TLS transport: nothing in this controller authenticates the caller.
 */
@RestController
@RequestMapping("/secure")
class SecureController {

    private static final String REPLY = "This is a secure endpoint";

    @GetMapping
    public String secureEndpoint() {
        return REPLY;
    }
}
|
6. Configuration in Apache CXF
Generating Keystore and Truststore
- Generate
Keystore:
bash
# CXF client identity: RSA-2048 key pair with a self-signed certificate (3650 days)
# in clientKeystore.jks, the store the conduit's keyManagers section points at.
# Without -storetype the JDK default type applies (JKS on older JDKs, PKCS12 from JDK 9).
keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore clientKeystore.jks -validity 3650 |
- Generate
Truststore:
bash
# Trust only the server certificate mycert.crt: import it into a separate
# clientTruststore.jks referenced by the conduit's trustManagers section.
# keytool may ask you to confirm trust and prompts for a store password.
keytool -importcert -file mycert.crt -alias server -keystore clientTruststore.jks |
CXF Configuration
In the Apache CXF configuration, typically in the cxf.xml or
beans.xml file, you can specify the tlsClientParameters.
xml
<!-- Client-side TLS for the conduit bound to MyServicePort. -->
<!-- NOTE(review): secureSocketProtocol="SSL" is the legacy protocol name; "TLS"
     (or an explicit TLSv1.2 / TLSv1.3) is the usual choice today. -->
<!-- NOTE(review): the cipherSuitesFilter below INCLUDES the EXPORT, DES and NULL
     suite families, which provide weak or no encryption, and only excludes
     anonymous DH. A production filter should include the strong suites you intend
     to negotiate and exclude these families; do not copy this filter as-is. -->
<!-- NOTE(review): CXF's schema normally expresses key/trust managers as
     sec:keyManagers / sec:trustManagers with a nested sec:keyStore (as in the later
     example on this page); confirm this attribute form validates against http-conf.xsd. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
                           http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd">
  <http-conf:conduit name="{http://example.com}MyServicePort.http-conduit">
    <http-conf:tlsClientParameters secureSocketProtocol="SSL">
      <!-- Passwords are literal here; keep this file out of source control or use a placeholder. -->
      <http-conf:keyManagers keyPassword="password" keyStoreLocation="classpath:clientKeystore.jks" keyStorePassword="password"/>
      <http-conf:trustManagers trustStoreLocation="classpath:clientTruststore.jks" trustStorePassword="password"/>
      <http-conf:cipherSuitesFilter>
        <http-conf:include>.*_EXPORT_.*</http-conf:include>
        <http-conf:include>.*_EXPORT1024_.*</http-conf:include>
        <http-conf:include>.*_WITH_DES_.*</http-conf:include>
        <http-conf:include>.*_WITH_NULL_.*</http-conf:include>
        <http-conf:exclude>.*_DH_anon_.*</http-conf:exclude>
      </http-conf:cipherSuitesFilter>
    </http-conf:tlsClientParameters>
  </http-conf:conduit>
</beans> |
Java Client Code
Ensure your CXF client is correctly set up to use this
configuration. Here’s an example of a simple CXF client:
java
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.configuration.security.KeyStoreType;
import org.apache.cxf.configuration.security.TrustManagersType;
import org.apache.cxf.configuration.security.KeyManagersType;
import org.apache.cxf.configuration.security.TLSClientParametersType;

/**
 * Minimal CXF client: builds a MyService proxy, attaches client-certificate and
 * trust settings to the HTTP conduit behind it, then calls sayHello once.
 */
public class SecureClient {

    private static final String SERVICE_ADDRESS = "https://example.com/myService";
    private static final String KEY_STORE_RESOURCE = "classpath:clientKeystore.jks";
    private static final String TRUST_STORE_RESOURCE = "classpath:clientTruststore.jks";
    // A literal secret in source is acceptable only for a throw-away demo.
    private static final String STORE_PASSWORD = "password";

    public static void main(String[] args) {
        // Build the JAX-WS proxy for the remote service
        JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
        proxyFactory.setServiceClass(MyService.class);
        proxyFactory.setAddress(SERVICE_ADDRESS);
        MyService service = (MyService) proxyFactory.create();

        // Reach the transport conduit behind the proxy and attach the TLS settings.
        // NOTE(review): HTTPConduit.setTlsClientParameters is usually fed a
        // org.apache.cxf.configuration.jsse.TLSClientParameters; the JAXB
        // TLSClientParametersType built here may need converting; confirm against
        // the CXF version in use.
        Client cxfClient = ClientProxy.getClient(service);
        HTTPConduit conduit = (HTTPConduit) cxfClient.getConduit();
        conduit.setTlsClientParameters(buildTlsParameters());

        String reply = service.sayHello("World");
        System.out.println("Response: " + reply);
    }

    /**
     * Assembles the key manager (this client's certificate) and trust manager
     * (server certificates we accept) configuration.
     */
    private static TLSClientParametersType buildTlsParameters() {
        TLSClientParametersType tlsParams = new TLSClientParametersType();
        // NOTE(review): "SSL" is the legacy protocol name; "TLS" is the usual choice today.
        tlsParams.setSecureSocketProtocol("SSL");

        KeyManagersType keyManagers = new KeyManagersType();
        keyManagers.setKeyPassword(STORE_PASSWORD);
        keyManagers.setKeyStore(storeFor(KEY_STORE_RESOURCE));

        TrustManagersType trustManagers = new TrustManagersType();
        trustManagers.setKeyStore(storeFor(TRUST_STORE_RESOURCE));

        tlsParams.setKeyManagers(keyManagers);
        tlsParams.setTrustManagers(trustManagers);
        return tlsParams;
    }

    /** Describes a classpath keystore protected by the shared store password. */
    private static KeyStoreType storeFor(String resource) {
        KeyStoreType store = new KeyStoreType();
        store.setPassword(STORE_PASSWORD);
        store.setResource(resource);
        return store;
    }
}
|
Summary
- MuleSoft:
Configure the keystore and truststore in the Mule configuration file and
reference them in the HTTP listener configuration.
- Mule
with JAX-WS: Use the keystore in the WS Consumer configuration to
enable SSL.
- Tomcat:
Configure SSL in the server.xml file by pointing to the keystore.
- JBoss/WildFly:
Configure SSL in the standalone.xml file by setting up a security realm
and an HTTPS listener.
- Spring
Boot: Add SSL configuration in the application.properties or application.yml
file and ensure the keystore is in the classpath.
- CXF
Configuration: Configure the tlsClientParameters in the CXF
configuration file to use the keystore and truststore.
Each server/application requires specific configurations to
enable SSL, but the general process involves generating a keystore and
truststore, configuring the server to use them, and ensuring your application
endpoints are accessed via HTTPS.
More information on generating keystores and truststores:
Generating
keystore files To configure
the software to use SSL/HTTPS for secure communication, first create a
keystore file. This key file contains both public keys stored as signed
certificates and private keys stored in personal certificates. Procedure Change the directory to the following: $CCM_HOME/jre/bin Use the standard JDK keytool utility to
generate and load a new key and a self-signed certificate. To create the key, type the following
command: keytool -genkey -keystore
keystore_file -keyalg RSA -alias machinename When prompted, supply the certificate
and password information. Doing so protects the keystore file and the keys
within in the file. The only mandatory response is to
provide the host name from the URL of the IBM® Rational® Change server. Ensure that the IP address or the
host name matches the internal Rational Change IP address or host name. Doing
so ensures that the key is issued to the website URL. For example, if the generated links
use 192.123.10.10, then type this value at the first and last name prompt. keytool -genkey -keystore
"/usr/local/rc53/rc.keystore" -alias hawk -keyalg RSA Example for me :------>>>> 1> First Check if it is 2007 os then go This
could happen if you are not running the command prompt in administrator mode. If you are using windows7, you can go to
run, type cmd and hit Ctrl+Shift+enter. This will open the command prompt in
administrator mode. If not, you can also go to start -> all
programs -> accessories -> right click command prompt and say run as
administrator. else 2> cmd--> enter--->cd.. --->enter--> go to C:\\ drive -----> cd Copy "C:\Program Files\Java\jdk1.6.0_31\bin" and then paste it here.---> enter----> after step 2, 3> keytool -genkey -keystore "kartik.keystore" -alias "give Computer Full Name here" -keyalg RSA Enter keystore password:kartik choose a password: kartik What is your first and last name? [Unknown]: 172.30.70.53 //if you have any domain name mention
domain name here What is the name of your
organizational unit? [Unknown]: Development What is the name of your
organization? [Unknown]: Tarang What is the name of your City or
Locality? [Unknown]: Bangalore What is the name of your State or
Province? [Unknown]: Karnataka What is the two-letter country code
for this unit? [Unknown]: IN Is CN=172.30.70.53, OU=Development,
O=Tarang, L=Bangalore, ST=Karnataka, C=India? [no]: yes Enter key password for (RETURN if same as keystore
password):kartik choose a password here I give password: kartik 4> After
that, create a kartik.keystore file within this location, like C:\Program
Files\Java\jdk1.6.0_31\bin 5> After
that, go to the server side, take this "kartik.keystore" and open
the same command prompt. (optional, below 4 i) 5
i>keytool -importkeystore -srckeystore kartik.keystore -destkeystore
kcm.p12 -deststoretype PKCS12 5 ii> for
Jar file sign jarsigner -keystore kartik.keystore
-signedjar sCount.jar Count.jar KARTIK-PC 6> keytool
-export -keystore kartik.keystore -storepass kartik -alias KARTIK-PC -file
kartik.cer 7> keytool
-import -keystore kartik.truststore -storepass kartik -trustcacerts -alias
KARTIK-PC -file kartik.cer 8> for web
application in server.xml file
<!-- Plain HTTP on 8080. redirectPort is only used when a request hits a security
     constraint requiring a confidential transport; everything else stays clear-text. -->
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<!-- A "Connector" using the shared thread pool-->
<!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> -->
<!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE
     configuration, when using APR, the connector should be using the
     OpenSSL style configuration described in the APR documentation -->
<!-- NOTE(review): keystorePass="kartik" is in clear text and keystoreFile points
     outside the Tomcat tree (D://Certificate//...); restrict that file's permissions
     and keep server.xml out of source control. clientAuth="false" means callers are
     not asked for a certificate; set "true" for mutual TLS between machines. -->
<Connector SSLEnabled="true" clientAuth="false" keystoreFile="D://Certificate//Certificate//kartik//kartik.keyStore" keystorePass="kartik"
           maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
9> for
webservice connection
<!-- Client-side TLS applied to every CXF conduit (name="*.http-conduit" matches all). -->
<!-- NOTE(review): key and trust stores live under D://Certificate//... with the
     password "kartik" in clear text; beyond a local test, move them to a path
     readable only by the application and inject the password. -->
<!-- NOTE(review): secureSocketProtocol="SSL" is the legacy protocol name; prefer "TLS".
     No cipherSuitesFilter is set, so the JVM defaults apply. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
                           http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
                           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
  <!-- Proxy bean looked up by ConfigServlet; the address is pinned to an internal host/port. -->
  <jaxws:client id="connectWebServicesUI"
                serviceClass="com.kartik.connectui.webservice.IConnectWebUiServices"
                address="https://172.30.70.53:9888/connect/WebServices">
  </jaxws:client>
  <http-conf:conduit name="*.http-conduit">
    <!-- 800000 ms (about 13 minutes) connect and receive timeouts; generous for a synchronous call. -->
    <http-conf:client ConnectionTimeout="800000" ReceiveTimeout="800000"/>
    <http-conf:tlsClientParameters secureSocketProtocol="SSL">
      <sec:keyManagers keyPassword="kartik">
        <sec:keyStore type="JKS" password="kartik" file="D://Certificate//Certificate//kartik//kartik.keyStore"/>
      </sec:keyManagers>
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="kartik" file="D://Certificate//Certificate//kartik//kartik.truststore"/>
      </sec:trustManagers>
    </http-conf:tlsClientParameters>
  </http-conf:conduit>
</beans> 10>
web.xml add one servlet
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">
  .......
  ........
  <!-- load-on-startup makes ConfigServlet.init() run at deployment, before any
       request; no servlet-mapping is shown for it, so it is not meant to be
       addressed by URL. -->
  <servlet>
    <description>Servlet for loading Initial application configuration</description>
    <display-name>Application Configuration Loader</display-name>
    <servlet-name>ConfigServlet</servlet-name>
    <servlet-class>com.kartik.connectui.utils.ConfigServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  .........
  ..........
  <welcome-file-list>
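<welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app> 11>
package com.kartik.connectui.utils;

import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.kartik.connectui.webservice.IConnectWebUiServices;

/**
 * Startup servlet (load-on-startup in web.xml) that looks up the CXF client proxy
 * bean "connectWebServicesUI" in the Spring web application context and caches it
 * in a static field for the rest of the web application.
 */
public class ConfigServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Logger used throughout init(); it must be declared for the class to compile. */
    private static final Log _log = LogFactory.getLog(ConfigServlet.class);

    /** Shared proxy to the Connect web service; null until init() succeeds. */
    private static IConnectWebUiServices services = null;

    /**
     * Resolves the web-service proxy bean once, during container startup.
     * Failures are logged and swallowed so the web application still deploys;
     * callers of getServices() must therefore cope with a null result.
     *
     * @param conf servlet configuration, used to reach the ServletContext
     * @throws ServletException declared by the servlet API; not thrown by this body
     */
    @Override
    public void init(ServletConfig conf) throws ServletException {
        try {
            _log.debug("Started loading of property files");
            final ServletContext servletcontexx = conf.getServletContext();
            final ApplicationContext appContext =
                    WebApplicationContextUtils.getRequiredWebApplicationContext(servletcontexx);
            _log.debug("Accuring the connect with the Connect server");
            services = (IConnectWebUiServices) appContext.getBean("connectWebServicesUI");
            if (null != services) {
                _log.debug("Accured the connection with Connect server..");
            } else {
                _log.error("Error while accuring the connection with Connect server....");
            }
        } catch (final Exception e) {
            // Pass the exception as the cause so the stack trace is not lost.
            _log.error("Error while loading the property files" + e.getMessage(), e);
        }
    }

    /** @return the cached proxy, or null if init() has not run or failed */
    public static IConnectWebUiServices getServices() {
        return services;
    }

    /** Replaces the cached proxy (for example from tests). */
    public static void setServices(IConnectWebUiServices services) {
        ConfigServlet.services = services;
    }
}
12> In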
mule service configure
<?xml version="1.0" encoding="UTF-8"?>
<!-- Mule CE 3.3 HTTPS inbound service exposing IMPGWebUiServices as a SOAP endpoint. -->
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:http="http://www.mulesoft.org/schema/mule/http"
      xmlns:https="http://www.mulesoft.org/schema/mule/https"
      xmlns:cxf="http://www.mulesoft.org/schema/mule/cxf"
      xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
      xmlns:spring="http://www.springframework.org/schema/beans"
      xmlns:core="http://www.mulesoft.org/schema/mule/core"
      version="CE-3.3.0"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
                          http://www.mulesoft.org/schema/mule/https http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd
                          http://www.mulesoft.org/schema/mule/cxf http://www.mulesoft.org/schema/mule/cxf/current/mule-cxf.xsd
                          http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
                          http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd ">
  ...................
  <!-- NOTE(review): in this snippet the connector only backs an inbound endpoint,
       yet it declares proxyHostname/proxyPort (localhost:80); presumably unused,
       remove it if no outbound proxy is needed. Store passwords are literal ("kartik")
       and the keystore sits under D://Certificate//...; protect both. -->
  <https:connector name="MPOS_HTTPS1" cookieSpec="netscape" validateConnections="true" sendBufferSize="0"
                   receiveBufferSize="0" receiveBacklog="0" clientSoTimeout="10000" serverSoTimeout="10000"
                   socketSoLinger="0" proxyHostname="localhost" proxyPort="80" doc:name="HTTP\HTTPS">
    <https:tls-key-store path="D://Certificate//Certificate//kartik//kartik.keyStore" keyPassword="kartik" storePassword="kartik"/>
  </https:connector>
  <flow name="connectWebUiservicesFlow" doc:name="connectWebUiservicesFlow">
    <!-- NOTE(review): this listens on localhost:9999 (loopback only), while the CXF
         client earlier on this page targets https://172.30.70.53:9888; confirm which
         host/port is intended, since a loopback bind is unreachable from other machines. -->
    <https:inbound-endpoint exchange-pattern="request-response" host="localhost" port="9999"
                            path="connect/connectWebServicesUI" doc:name="HTTP" connector-ref="MPOS_HTTPS1"/>
    <cxf:jaxws-service serviceClass="com.kartik.connect.webservices.IMPGWebUiServices" doc:name="SOAP" enableMuleSoapHeaders="false"/>
    <component doc:name="Java">
      <singleton-object class="com.kartik.connect.webservices.impl.MPGWebServices"></singleton-object>
    </component>
  </flow>
</mule> |