Using a Web Service in SSL mode (ws)

From Wiki1000


Overview

[Image: Webservice ssl1.jpg]

[Image: Webservice ssl2.jpg]

Configuration

The internet layer used requires certificates in "pem" format.

The server certificate and the client certificate need to be converted.

For the root certificate:

openssl.exe pkcs12 -in certificat_racine_in.pfx -out certificat_racine_out.pem

The output should look like this:


-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

==> this is the root certificate


For the client certificate:

openssl.exe pkcs12 -in certificat_client_in.pfx -out certificat_client_out.pem

The output should look like this:

Bag Attributes

   localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F 
   friendlyName: Sage SSO Test Identity P (EC2)

Key Attributes: <No Attributes>


-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Bag Attributes

   localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F 
   friendlyName: Sage SSO Test Identity P (EC2)

subject=/C=United Kingdom/O=Sage (UK) Limited/CN=webappp.sagessdp.com
issuer=/C=United Kingdom/O=Sage (UK) Limited/CN=Sage SSO Identity Root (EC2)


-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


Extract the -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY----- block into a file ==> this is the private key

Extract the -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- block into a file ==> this is the client certificate
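
The extraction step above can be scripted. The following is an added example, not part of the original wiki page: it splits the text produced by openssl pkcs12 into private-key and certificate blocks, drops the Bag Attributes text around them, and writes the key to a file created for its owner only. The function names, output file names and sample bundle are assumptions; the sample bodies are constructed placeholders, not real key material.

```python
import base64
import os
import re

# Matches one PEM block; the label (e.g. "CERTIFICATE") must be identical in both markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

def split_pem_bundle(text):
    """Return (private_keys, certificates) as lists of clean PEM strings.

    Text outside the markers (Bag Attributes, subject=/issuer= lines) is dropped.
    """
    keys, certs = [], []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        # Reject blocks whose body is not valid base64 (e.g. a truncated copy/paste).
        base64.b64decode("".join(body.split()), validate=True)
        block = f"-----BEGIN {label}-----\n{body.strip()}\n-----END {label}-----\n"
        if label.endswith("PRIVATE KEY"):  # RSA PRIVATE KEY, PRIVATE KEY, ...
            keys.append(block)
        elif label == "CERTIFICATE":
            certs.append(block)
    return keys, certs

def write_private(path, pem):
    """Write key material to a file created owner-read/write only (0o600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(pem)

# Constructed sample: placeholder base64 bodies, not real key material.
SAMPLE = """Bag Attributes
    friendlyName: constructed example
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Y29uc3RydWN0ZWQga2V5IGJvZHk=
-----END RSA PRIVATE KEY-----
Bag Attributes
    friendlyName: constructed example
subject=/CN=client.example
issuer=/CN=root.example
-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQgY2VydCBib2R5
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    keys, certs = split_pem_bundle(SAMPLE)
    write_private("client_key.pem", keys[0])
    with open("client_cert.pem", "w") as handle:
        handle.write(certs[0])
```

The file mode passed to os.open is enforced on POSIX systems; on Windows, restrict access to the key file through its ACL instead.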
