Appendix B. Microsoft .NET Web services 501
encrypt the entire message being sent. We now implement message-level
security in this scenario for Internet Information Server V5.
B.3.1 Configuring the .NET Web service to require SSL
The .NET Web service depends on Microsoft Internet Information Services (IIS)
to provide SSL support. Therefore, we must begin by visiting the IIS
console and the .NET directory previously created there. From here, we request,
then install, a server certificate for use with SSL between the .NET Web
service and the J2EE client.
Requesting a server certificate
Perform the following where the .NET Framework and IIS are installed:
1. Click Start → Programs → Administrative Tools → Internet Services
Manager to load the IIS console.
2. Navigate to the Web page where the ManufacturerB virtual directory exists. If
you followed prior instructions, this would be located in the Default Web Site
virtual root.
3. Right-click Default Web Site and select Properties.
4. In the properties window, navigate to the Directory Security tab and click the
Server Certificate button. This loads the Web Server Certificate Wizard.
5. Click Next to bypass the welcome dialog box of the wizard.
6. Select the Create a new certificate radio button and click Next.
7. In the next window, select the Prepare the request now, but send it later
radio button and click Next.
8. Here, input Manufacturer B Web Server in the Name field and select 1024 in
the bit length drop-down menu (Figure B-13 on page 502) and click Next.
Tip: In our sample scenario, we chose not to request the necessary server
certificate from an outside Certificate Authority (CA); we chose to use the
Microsoft Certificate Services to generate our server certificate. Microsoft
Certificate Services is a Windows 2000 Server component that can be added
to the operating system from the Windows 2000 Server CD, if it has not been
installed previously.
502 Patterns: Extended Enterprise SOA and Web Services
Figure B-13 Input a common name and bit length for the server certificate
9. Under Organization, input ManufacturerB and under Organizational Unit,
input Manufacturing. Click Next.
10. For the Common name field, input the IP address or fully qualified host name
of the machine running the .NET Web service. We used our web server’s IP
address. Click Next.
11. Input pertinent geographical information in the following dialog box and click
Next.
12. The certificate request will be saved in a .txt file for future use. Here,
give the .txt file an easily remembered name and save it in a specific
directory, or leave it as the default name and location as we did
(C:\certreq.txt). Click Next.
13. The final dialog box is just a summary of all previously entered information.
Ensure that it is all correct and click Next.
14. Click Finish to exit the server certificate request wizard.
We have now made a request for a server certificate that will enable the .NET
Web server to communicate over SSL.
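Before the request is pasted into Certificate Services, it is worth confirming what the wizard actually wrote. The following is an added example, not code from the book: a standard-library Python check that decodes a base64 PKCS #10 request and reports its common name and RSA key size. The 2048-bit floor, the function names and the sample request (built inline, unsigned, with a placeholder modulus) are assumptions of this example.

```python
import base64

CN_OID = bytes.fromhex("550403")            # 2.5.4.3 commonName
MIN_RSA_BITS = 2048                         # assumed policy floor; the page's wizard step selects 1024

def read_tlv(buf, pos):                     # returns (tag, value, next_pos) for one DER element
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):                        # split a constructed element into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_csr(pem_text):
    b64 = "".join(l.strip() for l in pem_text.splitlines() if not l.startswith("-----"))
    req = read_tlv(base64.b64decode(b64), 0)[1]          # CertificationRequest
    info = children(children(req)[0][1])                 # version, subject, SPKI, attributes
    cn = None
    for _, rdn in children(info[1][1]):                  # subject: SEQUENCE of SET
        for _, atv in children(rdn):                     # SET of SEQUENCE { OID, value }
            (_, oid), (_, val) = children(atv)
            if oid == CN_OID:
                cn = val.decode("utf-8", "replace")
    key_bits = children(info[2][1])[1][1]                # BIT STRING inside the SPKI
    modulus = children(read_tlv(key_bits, 1)[1])[0][1]   # skip the unused-bits byte
    bits = int.from_bytes(modulus, "big").bit_length()
    return {"common_name": cn, "rsa_bits": bits, "meets_floor": bits >= MIN_RSA_BITS}

def tlv(tag, value):                        # minimal DER encoder, used only to build the sample
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_request(cn, bits):               # constructed and unsigned: placeholder modulus, empty signature
    modulus = b"\0" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, CN_OID) + tlv(0x13, cn.encode()))))
    spki = tlv(0x30, alg + tlv(0x03, b"\0" + key))
    info = tlv(0x30, tlv(0x02, b"\0") + name + spki + tlv(0xA0, b""))
    der = tlv(0x30, info + alg + tlv(0x03, b"\0"))
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN NEW CERTIFICATE REQUEST-----\n{body}-----END NEW CERTIFICATE REQUEST-----\n"
```

Run inspect_csr on the text of the wizard's request file (C:\certreq.txt in this scenario); a request generated with the 1024-bit setting from step 8 reports meets_floor as False.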
Processing the Web server certificate request
In this section, we use the Microsoft Certificate Services in order to process the
Web server certificate request previously generated.
1. Open a Web browser and navigate to:
http://localhost/CertSrv
Where localhost should be replaced with the domain name or IP address of
the server running the Microsoft Certificate Services.
The Microsoft Certificate Services Web page should be displayed as shown in
Figure B-14.
Figure B-14 The Microsoft Certificate Services application
2. Select Request a certificate and click Next.
3. On the next page, select Advanced request and click Next.
4. Select the Submit a certificate request using a base64 encoded PKCS
#10 file or a renewal request using a base64 encoded PKCS #7 file option
and click Next.
5. The following window contains a text input box that allows a user to input a
base64 encoded PKCS #10 certificate request.
Use a text editor to open the certificate request .txt file that was created
using the Web server certificate request wizard in the previous section (in our
case C:\certreq.txt). When the file has been found, copy and paste its
entire contents into the Saved Request input box as shown in Figure B-15.
Then, click Submit.
6. The following window is a confirmation window informing the user that the
certificate request has been received and is waiting to be processed. Exit this
window.
We now have a certificate request that is waiting to be issued.
Figure B-15 Copying the certificate request to the Saved Request dialog box.
7. Click Submit. The resulting window is a confirmation window informing the
user that the certificate request has been received and is waiting to be
processed. Exit this window.