Using a Web Service in SSL mode (ws)

From Wiki1000

Overview

Webservice ssl1.jpg

Webservice ssl2.jpg

Configuration

The internet layer in use requires certificates in "pem" format.

The server certificate and the client certificate need to be converted.

For the root certificate

openssl.exe pkcs12 -in certificat_racine_in.pfx -out certificat_racine_out.pem

the result should look like this

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

==> this is the root certificate

For the client certificate

openssl.exe pkcs12 -in certificat_client_in.pfx -out certificat_client_out.pem

the result should look like this

Bag Attributes
   localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F 
   friendlyName: Sage SSO Test Identity P (EC2)
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
Bag Attributes
    localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F 
    friendlyName: Sage SSO Test Identity P (EC2)
subject=/C=United Kingdom/O=Sage (UK) Limited/CN=webappp.sagessdp.com
issuer=/C=United Kingdom/O=Sage (UK) Limited/CN=Sage SSO Identity Root (EC2)
-----BEGIN CERTIFICATE-----
MIICyTCCAjKgAwIBAgIQZV6oewOPcJJLyELdjc/oCDANBgkqhkiG9w0BAQUFADBc
...
-----END CERTIFICATE-----

Extract -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY----- into a file ==> this is the private key

Extract -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- into a file ==> this is the client certificate
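
As an added example (not part of the original wiki page), the Python code below automates the two extraction steps above: it splits the combined output of openssl pkcs12 into the private key and the client certificate and drops the Bag Attributes lines. The function names, output file names and sample text are assumptions constructed for illustration.

```python
import os
import re

# One PEM block; group 1 is the label, e.g. "RSA PRIVATE KEY" or "CERTIFICATE".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)

# Constructed sample in the shape of the output shown above (placeholder
# base64, not a real key or certificate).
SAMPLE = """Bag Attributes
    friendlyName: constructed example
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQta2V5
-----END RSA PRIVATE KEY-----
Bag Attributes
    friendlyName: constructed example
subject=/CN=client.example
issuer=/CN=Example Root
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtY2VydA==
-----END CERTIFICATE-----
"""

def split_pem(text):
    """Return (private_keys, certificates); text outside the PEM armor
    (Bag Attributes, subject=, issuer=) is dropped."""
    keys, certs = [], []
    for match in PEM_BLOCK.finditer(text):
        block = match.group(0).replace("\r\n", "\n") + "\n"
        if match.group(1).endswith("PRIVATE KEY"):
            keys.append(block)
        elif match.group(1) == "CERTIFICATE":
            certs.append(block)
    return keys, certs

def write_client_files(text, key_path, cert_path):
    """Write the key and the first certificate (assumed to be the client
    certificate, as in the output above) to separate files."""
    keys, certs = split_pem(text)
    if len(keys) != 1 or not certs:
        raise ValueError("expected exactly one private key and a certificate")
    # Create the key file owner-only (POSIX; Windows relies on NTFS ACLs).
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(keys[0])
    with open(cert_path, "w") as handle:
        handle.write(certs[0])

if __name__ == "__main__":
    write_client_files(SAMPLE, "client_key.pem", "client_cert.pem")
```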
