JaxView being used as a proxy can be configured to perform the SSL hand shake if a server certificate is available for the service. This is done by creating a KeyStore to store the certificate.
NOTE: Every Web Service using a certificate for the SSL handshake needs to have a UNIQUE proxy port for accepting request. By default all services use port 9595. If a certificate is used then this port needs to be unique when adding the service
JaxView will listen for Web Service request on a unique port set by the user. When request come into that port, JaxView will load up the certificate (from cache) to perform the SSL handshake. The user needs to store the certificates, using keytool utility, in a keystore.
JaxView is shipped with Keytool.exe. Keytool is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for authentication using digital signatures. It also allows users to cache the public keys of the parties they communicate with. This is installed in JaxView/jdk/bin directory.
To get more information on Keytool and how keystores are created and certificates are stored please look at
http://java.sun.com/docs/books/tutorial/security1.2/summary/tools.html
Important: The process for creating, requesting, and installing a digital certificate requires close attention to detail. Be sure to make a note of the parameters and command line arguments that you use in each step of the process as it is very important that you use the same values though out the procedure.
You need to have a digital certificate that can be imported into the key storage file used by Keytool. If your organization does not currently have a digital certificate for this purpose, you will need to make a request to a Certificate Authority to issue you a certificate.
To create the key storage data file needed for a certificate you need to first create a key pair. To do this you need to run the following command from the JaxView/JDK/Bin directory: (Note: this needs to be entered on a single line. It is displayed here on multiple lines to ease presentation.)
keytool -genkey -dname "CN=www.yourDomain.com, OU=yourDepartment, O=yourCompanyName,L=yourLocation, S=yourState, C=yourCountryCode" -alias yourAlias -keypass keyPassword -keystore .keystorePath -storepass keyStorePassword -keyalg "RSA" -validity valdays
The value of a -dname option must be in the following order where the italicized values are replaced by values of your choosing. The keywords are abbreviations for the following:
CN = commonName - common name of a person, for example,, "Warren Pease"
OU = organizationUnit - small organizational unit (e.g, "NetAdmin"
O = organizationName - large organization name, for example,, "ACMe-Systems, Inc."
L = localityName - locality (city) name, for example,, "Palo Alto"
S = stateName - state or province name, for example,, "California"
C = country - two-letter country code, for example,, "US"
The subcomponents within the ?dname (distinguished name string) variable are case-insensitive but they are order sensitive although you do not have to include all of the sub components. The ?dname variable should represent your company and the cn is the domain name of the webserver JaxView is installed on.
The value of ?storepass passphrase is a password used to protect the Key Store file. This password must be at least 6 characters long. You will need to use this password to import to and remove certificate data from the key store.
The ?alias variable is an alias or nickname you use to identify an entry in your keystore.
This command will create a file called serverKeystore (MAKE SURE YOU KEEP A BACK UP COPY OF THIS FILE SOMEWHERE else). JaxView will use this key store file to store the certificates used in your secure sessions.
Next you need to create a certificate request file. To do this run the following command from the same directory as above.
keytool -certreq -alias yourAlias -file certFilePath -keypass keyPassword -keystore keystorePath -storepass keyStorePassword -keyalg "RSA"
This will generate a filename.csr to be used as a request file. You need to send this file to a Certificate Authority (CA) along with your request for a certificate.
After you receive your certificate from a Certificate Authority (the reply should include a file called cert.cer) then you need to import this certificate into the KeyStore file you created with the procedure above. The file should be called serverKeystore. To import the certificate data into the KeyStore file run the following command from the same directory as above:
keytool -import -trustcacerts -alias yourAlias -file cert.cer -keystore keystorePath