Issues with Impersonating a WCF Secure Web Server using Glassfish / Metro

Question

I am attempting to construct a Glassfish hosted web service that impersonates (for development testing) a WCF hosted web service. I have the WSDL from the WCF hosted service, and I can construct the Java service and Java client from the WCF-hosted WSDL with no issues. The WSDL uses Mutual Certificate Security for data exchange.

The WSDL has an embedded X509 certificate that matches the WCF server's host certificate.

When I try to connect my Java client to the Glassfish-hosted Java service I get - of course - certificate errors.

So what steps do I take to get this to work? I am assuming that:

A) I need to replace the X509 certificate string in the WSDL with the contents of the self-signed Glassfish certificate 's1as' created when I installed Glassfish.

B) Set the Glassfish server SSL parameters for the server Network config to use the default cacerts.jks and keystore.jks certificate stores supplied with the Glassfish installation. Even though I am not using SSL here, I am assuming the server needs to know where its truststore and keystore is to perform mutual certificate security across HTTP.

C) Add the 's1as' server certificate to the truststore for the Java client.

D) Add whatever certificate I was previously using for the original WCF connecting client to the keystore for the Glassfish server. (I am not sure on this one?)

Is there something I am missing here? Any assistance would be much appreciated.

Answer 1

Apparently, you're using message layer security, not SSL. So the communication layer is not encrypted, just the messages themselves.

This is done in Glassfish using the WSIT features. I suggest looking at the Mutual Certificate Security example in the WSIT Tutorial: http://docs.oracle.com/cd/E19316-01/820-1072/ahiem/index.html.

Basically, WSIT uses the keystores in as-install/domains/domain1/config, and you need to specify them by alias name in your WSIT descriptor.

Greets, Geert.