Handling Certificates with IIS7 and Routing the SOAP Requests to Systinet (Magic xpa 3.x)

Objective

This Technical Note explains how to use IIS7's routing capability to route SOAP requests to Systinet, allowing the usage of 2048-bit key length certificates.

Solution

The PStore Tool can generate a certification key of 1024 bytes. Therefore, you need to route the SOAP requests to Systinet if you want to use a certificate of 2048 bytes.

It is possible to route the requests using this new add on to IIS: http://www.iis.net/downloads/microsoft/application-request-routing.

Note that you can also find more information about this in the following locations:

http://www.iis.net/learn/extensions/configuring-application-request-routing-(arr)/define-and-configure-an-application-request-routing-server-farm

http://www.iis.net/learn/extensions/installing-application-request-routing-(arr)/install-application-request-routing

http://blogs.iis.net/wonyoo/archive/2011/04/20/how-to-install-application-request-routing-arr-2-5-without-web-platform-installer-webpi.aspx

http://aaronwalrath.wordpress.com/2010/05/28/installing-a-certificate-in-iis-7-5-from-a-public-certificate-authority/

After you have finished installing the ARRv2_5.exe add on, open IIS7 and follow the steps below:

1. Select the inetmgr's server node. (The server name on the tree view to the left.)

2. Double-click on the Application Request Routing Cache icon.
   
   
   

3. In the Actions panel on the right side, click the Server Proxy Settings action.
   
   

4. Select the Enable proxy check box.
   
   

5. Select the Use URL Rewrite to inspect incoming requests check box.
   
   

6. In the Reverse proxy field, enter the server where you want to route the request to. For example, if Systinet is under 10.1.12.115:6060 (or evitan.frmagic:6060), you should enter this.

7. In the Soap UI, change the endpoint to the IP (or machine name). For example, 10.1.12.115 (or evitan.frmagic) + the rest of the endpoint in the WSDL.

You should change "http://10.1.12.115:6060/MySolution/" (or http://evitan.frmagic:6060/MySolution/) to: "http://10.1.12.115/MySolution/" (or http://evitan.frmagic/MySolution/). Then, the server's IP (or machine name) and port will be replaced.

Usually, the Web service WSDL is not supposed to be modified very often because this means that the Web service specifications should also be changed.

Therefore, to deal with the endpoint manual change as described above, we can eventually consider saving the Systinet WSDL into a file that we can place in IIS in any virtual directory, and manually modify the endpoint according to the IIS's URL.