webservices SSL（https） [英] webservices SSL (https)

问题描述

如果我通过https（ https：// mywebservice / myservice ）提供网络服务，这意味着我需要拥有一个连接到这个网络服务的证书，对吗？

If i have a webservice over https (https://mywebservice/myservice) that means that i need to have a certificate to connect to this webservice, right?

这样的事情：

Java HTTPS客户端证书身份验证

我不理解这一点，假设我的第一个问题是正确的，为什么我可以使用soapUI 3.5连接到web服务（我没有配置SSL设置）但如果我使用Java进行通信我总是有错误（Axis 2 1.6） .1）（我已经尝试了基本的auth，有很多变种，我的请求与SOAP请求非常相似（在soapUI中）。）

I don´t understand this point, assuming that my first question is correct, why can i connect to a webservice using soapUI 3.5 (and i don't have configuration "SSL Setting") but i always have a error if i communicate using Java (Axis 2 1.6.1) (i already try basic auth, with a lot variants and my request is very similar to the SOAP request(in soapUI)).

为什么我看到在SOAPUI日志中INFO [HttpClientSupport $ Helper]更新keyStore ..如果我没有证书？

And why do i see in SOAPUI logs "INFO [HttpClientSupport$Helper] Updating keyStore.." if i don´t have certificates?

如果我在我的SOAP UI中请求Informa关于SSL信息，意思是什么？

And if i have in my SOAP UI Request Information on "SSL Info", what´s the meaning?

我希望你理解我的观点。

I hope you understand my point.

非常感谢。

推荐答案

SSL有两种情况。

一个是单向证书，在这种情况下，您通过https连接到服务器，服务器向客户端提供其证书的公共版本（在本例中为soapui）。为此，SoapUI需要知道根证书（如果它在证书链的末尾）或实际证书（如果它是自签名证书）。

One is one-way certificates, in which case you connect to the server via https and the server provides a public version of it's certificate to the client (in this case soapui). For this to work SoapUI needs to know the root certificate (if it is at the end of a certificate chain) or the actual certificate (if it is a self-signed certificate).

在使用双向证书的极少数情况下，单向仍然与上面相同，但在另一个方向上，客户端提供证书来验证自身。在这种情况下，服务器必须知道能够批准它的证书。

In rare situations where two-way certificates are used one-way is still the same as above, but in the other direction the client provides a certificate to authenticate itself. In this case the server must know of the certificate to be able to approve it.

除非您的Web服务期望用于身份验证的证书，否则很可能是它只是如上所述的单向证书的情况，然后最好确定它是自签名证书还是证书链的末尾。

Unless case your web-service is expecting a certificate for authentication then it is most likely that it is simply a case of one-way certificates as described above, and then it is best to determine whether it is a self-signed certificate or the end of a certificate chain.

在unix / linux系统上使用openssl，或在连接到webservice后在任何系统上打开浏览器中的证书，以获得有关所收到证书结构的更多详细信息。

Use either openssl on unix/linux systems or open the certificate in your browser on any system after connecting to the webservice to get more details on the structure of the certificate received.

取决于您使用的客户端将取决于您如何纠正这种情况，但是对于soapui，例如，您将根证书添加到用于调用soapui的java版本的cacerts文件中。

Depending on your client you are using will depend on how you correct the situation, but for soapui for example you would add the root certificate to the cacerts file in the java version used to invoke soapui.

这篇关于webservices SSL（https）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！