« Utilisation d'un Web Service en mode SSL (ws) » : différence entre les versions
| Ligne 13 : | Ligne 13 : | ||
===Pour le certificat racine=== | ===Pour le certificat racine=== | ||
'''openssl.exe pkcs12 –in certificat_racine_in.pfx –out certificat_racine_out.pem''' | |||
on doit obtenir ceci | on doit obtenir ceci | ||
-----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | ||
MIICvjCCAiegAwIBAgIJAK5PRnaJPY2KMA0GCSqGSIb3DQEBBQUAMFwxFzAVBgNV | MIICvjCCAiegAwIBAgIJAK5PRnaJPY2KMA0GCSqGSIb3DQEBBQUAMFwxFzAVBgNV | ||
BAYTDlVuaXRlZCBLaW5nZG9tMRowGAYDVQQKDBFTYWdlIChVSykgTGltaXRlZDEl | BAYTDlVuaXRlZCBLaW5nZG9tMRowGAYDVQQKDBFTYWdlIChVSykgTGltaXRlZDEl | ||
MCMGA1UEAwwcU2FnZSBTU08gSWRlbnRpdHkgUm9vdCAoRUMyKTAeFw0xMDAzMDMw | MCMGA1UEAwwcU2FnZSBTU08gSWRlbnRpdHkgUm9vdCAoRUMyKTAeFw0xMDAzMDMw | ||
MDAwMDBaFw0xMzAzMDMwMDAwMDBaMFAxFzAVBgNVBAYTDlVuaXRlZCBLaW5nZG9t | MDAwMDBaFw0xMzAzMDMwMDAwMDBaMFAxFzAVBgNVBAYTDlVuaXRlZCBLaW5nZG9t | ||
MRowGAYDVQQKDBFTYWdlIChVSykgTGltaXRlZDEZMBcGA1UEAwwQc3NvLnNhZ2Vz | MRowGAYDVQQKDBFTYWdlIChVSykgTGltaXRlZDEZMBcGA1UEAwwQc3NvLnNhZ2Vz | ||
c2RwLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnmVjDSzjEQSir0T7 | c2RwLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnmVjDSzjEQSir0T7 | ||
GlUmRJWiUzB3yqCYv1czu5h71/FOjVTrrzN33fNfgzdywubAqgvzvKfkCpzRGZR6 | GlUmRJWiUzB3yqCYv1czu5h71/FOjVTrrzN33fNfgzdywubAqgvzvKfkCpzRGZR6 | ||
Ls8GlKy/jJQZoCbXgcxedEFM0QJYYB8gBYuUQWYxpck4C0VTLHOHyxppTRZ/5bNW | Ls8GlKy/jJQZoCbXgcxedEFM0QJYYB8gBYuUQWYxpck4C0VTLHOHyxppTRZ/5bNW | ||
ubjSL/nk/QBrO7ZlLHomLXi9HDsCAwEAAaOBkzCBkDCBjQYDVR0jBIGFMIGCgBQ4 | ubjSL/nk/QBrO7ZlLHomLXi9HDsCAwEAAaOBkzCBkDCBjQYDVR0jBIGFMIGCgBQ4 | ||
qkVbce+FKfSGJt9WtdjoVK0bVaFgpF4wXDEXMBUGA1UEBhMOVW5pdGVkIEtpbmdk | qkVbce+FKfSGJt9WtdjoVK0bVaFgpF4wXDEXMBUGA1UEBhMOVW5pdGVkIEtpbmdk | ||
b20xGjAYBgNVBAoMEVNhZ2UgKFVLKSBMaW1pdGVkMSUwIwYDVQQDDBxTYWdlIFNT | b20xGjAYBgNVBAoMEVNhZ2UgKFVLKSBMaW1pdGVkMSUwIwYDVQQDDBxTYWdlIFNT | ||
TyBJZGVudGl0eSBSb290IChFQzIpgggMGaY7iUA1NjANBgkqhkiG9w0BAQUFAAOB | TyBJZGVudGl0eSBSb290IChFQzIpgggMGaY7iUA1NjANBgkqhkiG9w0BAQUFAAOB | ||
gQAGIaJVvO0gQhT6ZpEaEU8+HzaNcB8nKVOKJzz0/j8+X72nz5Zb4w57LdBS+sA6 | gQAGIaJVvO0gQhT6ZpEaEU8+HzaNcB8nKVOKJzz0/j8+X72nz5Zb4w57LdBS+sA6 | ||
xNxbH02aPMAbFKTy1suDani9ax5JET7jcXt8FuccUQZxaYc8Pu5ZF2F1Oi0Sw+hD | xNxbH02aPMAbFKTy1suDani9ax5JET7jcXt8FuccUQZxaYc8Pu5ZF2F1Oi0Sw+hD | ||
jbIssjPvheIN3O6Yi+mRbSzJh/rX5IRBjEocx/BF1xP/mA== | jbIssjPvheIN3O6Yi+mRbSzJh/rX5IRBjEocx/BF1xP/mA== | ||
-----END CERTIFICATE----- | -----END CERTIFICATE----- | ||
==>'''c'est le certificat racine''' | |||
===pour le certificat client=== | ===pour le certificat client=== | ||
Version du 4 juin 2010 à 09:54
Présentation
Paramétrage
La couche internet utilisée exige les certificats au format "pem".
Il s'agit convertir le certificat serveur et le certificat client.
Pour le certificat racine
openssl.exe pkcs12 –in certificat_racine_in.pfx –out certificat_racine_out.pem
on doit obtenir ceci
-----BEGIN CERTIFICATE----- MIICvjCCAiegAwIBAgIJAK5PRnaJPY2KMA0GCSqGSIb3DQEBBQUAMFwxFzAVBgNV BAYTDlVuaXRlZCBLaW5nZG9tMRowGAYDVQQKDBFTYWdlIChVSykgTGltaXRlZDEl MCMGA1UEAwwcU2FnZSBTU08gSWRlbnRpdHkgUm9vdCAoRUMyKTAeFw0xMDAzMDMw MDAwMDBaFw0xMzAzMDMwMDAwMDBaMFAxFzAVBgNVBAYTDlVuaXRlZCBLaW5nZG9t MRowGAYDVQQKDBFTYWdlIChVSykgTGltaXRlZDEZMBcGA1UEAwwQc3NvLnNhZ2Vz c2RwLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnmVjDSzjEQSir0T7 GlUmRJWiUzB3yqCYv1czu5h71/FOjVTrrzN33fNfgzdywubAqgvzvKfkCpzRGZR6 Ls8GlKy/jJQZoCbXgcxedEFM0QJYYB8gBYuUQWYxpck4C0VTLHOHyxppTRZ/5bNW ubjSL/nk/QBrO7ZlLHomLXi9HDsCAwEAAaOBkzCBkDCBjQYDVR0jBIGFMIGCgBQ4 qkVbce+FKfSGJt9WtdjoVK0bVaFgpF4wXDEXMBUGA1UEBhMOVW5pdGVkIEtpbmdk b20xGjAYBgNVBAoMEVNhZ2UgKFVLKSBMaW1pdGVkMSUwIwYDVQQDDBxTYWdlIFNT TyBJZGVudGl0eSBSb290IChFQzIpgggMGaY7iUA1NjANBgkqhkiG9w0BAQUFAAOB gQAGIaJVvO0gQhT6ZpEaEU8+HzaNcB8nKVOKJzz0/j8+X72nz5Zb4w57LdBS+sA6 xNxbH02aPMAbFKTy1suDani9ax5JET7jcXt8FuccUQZxaYc8Pu5ZF2F1Oi0Sw+hD jbIssjPvheIN3O6Yi+mRbSzJh/rX5IRBjEocx/BF1xP/mA== -----END CERTIFICATE-----
==>c'est le certificat racine
pour le certificat client
openssl.exe pkcs12 –in certificat_client_in.pfx –out certificat_client_out.pem
on doit obtenir ceci
Bag Attributes
localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F
friendlyName: Sage SSO Test Identity P (EC2)
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCKv+CW6F6NyoIVdL+P9bbrYXJ0ZKNPyZg0W0TZYKSaD4xq736g
4paPUlS7PnkINtR2fXtvsBCoYviZ28a5rq4vAnaVH5FlNlKw8T9/FTQIEO9iuR0C
cNWlT3WeTYJRxuD642NDcxzJuYG1zebhCep5cM/LKR2tR+Bb3egXlmfCdQIDAQAB
AoGATmat2ZfkFergJo+ZzxbhDZA6xFo5jdQ0FSGdfdeGKyeuCJ7bxr1Cpim3hzZ9
3Y5d77ZoEWxDfWKvZwExAasa8Mxirh91B5H2Q+JS02eQPBald583BiolYKjuWrdR
CXGVZo5xDt2beuNCwndQvUdfLlLQeKYtpUrBjcvDIgFRO+ECQQDkP2WxF9cwqvnN
z69Y33W1CoDHRZbhj551ND66OC0TYisXBGAuymbfAr/8eIEr5D+NodqWWcJhOVXf
dPO6ebXzAkEAm56yNagENnKjjpGP9EW5odefKTWs65selucJmC+JgFj7rskzImeQ
YIM7++HRBHwYByKUHXpzVP2uIpyiFhY39wJAP317FhXhoAIPVrasufX+0gtH4yZy
X/AJTeTohfhWYYvvHIn1D07x6prjOKF0nPbyzrz1BtmU/mJqhqwLmBV/DQJAc4t9
HkHF/vdXYT/K9r/eeMA0ONDVt4nRSJH6mbiSC24GUVyqTt0+YaqPGxIrs3zACmwu
NUT55R0F8kUCRAvzOQJATQ4h4D03xPgHlyh75qIPRmda+ShoV0UROI/bF7KRstVY
AFTC4VkU1qTIZNzUWjBl19OkD6aLN6E71f4KuAyuog==
-----END RSA PRIVATE KEY-----
Bag Attributes
localKeyID: 72 26 7B 85 69 DB AC 6E CE DE 80 B7 2C 5F 96 D2 0C 53 35 8F
friendlyName: Sage SSO Test Identity P (EC2)
subject=/C=United Kingdom/O=Sage (UK) Limited/CN=webappp.sagessdp.com
issuer=/C=United Kingdom/O=Sage (UK) Limited/CN=Sage SSO Identity Root (EC2)
-----BEGIN CERTIFICATE-----
MIICyTCCAjKgAwIBAgIQZV6oewOPcJJLyELdjc/oCDANBgkqhkiG9w0BAQUFADBc
MRcwFQYDVQQGEw5Vbml0ZWQgS2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExp
bWl0ZWQxJTAjBgNVBAMMHFNhZ2UgU1NPIElkZW50aXR5IFJvb3QgKEVDMikwHhcN
MTAwMzAzMDAwMDAwWhcNMTMwMzAzMDAwMDAwWjBUMRcwFQYDVQQGEw5Vbml0ZWQg
S2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExpbWl0ZWQxHTAbBgNVBAMMFHdl
YmFwcHAuc2FnZXNzZHAuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK
v+CW6F6NyoIVdL+P9bbrYXJ0ZKNPyZg0W0TZYKSaD4xq736g4paPUlS7PnkINtR2
fXtvsBCoYviZ28a5rq4vAnaVH5FlNlKw8T9/FTQIEO9iuR0CcNWlT3WeTYJRxuD6
42NDcxzJuYG1zebhCep5cM/LKR2tR+Bb3egXlmfCdQIDAQABo4GTMIGQMIGNBgNV
HSMEgYUwgYKAFDiqRVtx74Up9IYm31a12OhUrRtVoWCkXjBcMRcwFQYDVQQGEw5V
bml0ZWQgS2luZ2RvbTEaMBgGA1UECgwRU2FnZSAoVUspIExpbWl0ZWQxJTAjBgNV
BAMMHFNhZ2UgU1NPIElkZW50aXR5IFJvb3QgKEVDMimCCAwZpjuJQDU2MA0GCSqG
SIb3DQEBBQUAA4GBAEuqnO78EANjZT/DfZU124DvRy/r+L1hZ3Et7a62wnHjDgAX
zKS3irZvzDOELYoXB5nkd4MMjCcy9F0jCZ2WfIWCS7D5LGrLLKcTKu5lKsArADKG
LzFrcDP6Y2djoToTgXWkQ6GDRu2uaOpQ/ZVWBY/qr0RKf1Fye1dAEyspPwhC
-----END CERTIFICATE-----
Extraire -----BEGIN RSA PRIVATE KEY----- ....-----END RSA PRIVATE KEY----- dans un fichier ==> c'est la clef privée
Extraire -----BEGIN CERTIFICATE----- ...-----END CERTIFICATE----- dans un fichier ==> c'est le certificat client