Publishing a web service with https

I have successfully published a web service using Linx 5 on a local server. I used SoapUI on another box to consume the Web Service by providing SoapUI with the following link to the WSDL:

http://vdmaphqs019:8023/D1WebService?singleWsdl

The endpoint I use for the Web Service works fine too.

This works fine. However, I would like to do the same using HTTPS. When I try using the URL below, SoapUI is unable to access the WSDL.

https://vdmaphqs019:8022/D1WebService?singleWsdl

SoapUI seems to be complaining:
SSL handshake exception: server chose TLSv1, but that protocol version is not enabled or not supported by the client.

When I try it from a browser, I get this:

GET /D1WebService?singleWsdl HTTP/1.1
Host: vdmaphqs019:8022
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

HTTP/1.1 500 Internal Server Error
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 19 May 2016 21:56:27 GMT

Any ideas on how to get this web service working with HTTPS?

I am able to use HTTPS to login to the Linx console without any problems.

It asks me for the username and password, and I login and am able to see the Linx Server Summary. So that seems to tell me that I am able to do HTTPS on port 8022 from my browser to the server. However, I can’t do anything with the web service itself using HTTPS.

Many thanks!

To enable https on a SOAP web service please do the following.

  1. Put https in the endpoint uri. In your case it will be https://vdmaphqs019:8023/D1WebService.
  2. Change security mode to Transport.
  3. Bind a certificate to the port you want to use. In this case you can run the following command as an administrator:

netsh http add sslcert ipport=0.0.0.0:8023 certhash=d7bd8d21761135c12749cb1467a9caed6b0efc08 appid={00000000-0000-0000-0000-000000000000}

It binds the Linx certificate to the port you want to use. You can bind your own certificate to this port by replacing the certhash with your own. See How to: Configure a Port with an SSL Certificate - WCF | Microsoft Learn for more details on how this works.

Please let me know whether it works for you and if you have any further issues.

Thanks for your reply. I was able to bind a certificate to the port using the netsh command in step 3. (I did this on the server.) However, I am unclear as to what to do in Step 2, “Change security mode to Transport.”

Is that something that is done from the client or the server? I tried to use the URI in step 1 from a SoapUI client, but I am getting an error from SoapUI client. (Unrecognized SSL message, plaintext connection?)

Normally, I am used to having separate port numbers for http and https. For example, 8022 for https (as is used to connect to the Linx console), and 8023 for normal http. Are you saying that port 8023 will be used for http and https?

Isn’t the certificate already bound to port 8022?

SSL Certificate bindings:

IP:port                 : 0.0.0.0:8022
Certificate Hash        : d7bd8d21761135c12749cb1467a9caed6b0efc08
Application ID          : {00000000-0000-0000-0000-000000000000}
Certificate Store Name  : (null)
Verify Client Certificate Revocation    : Disabled
Verify Revocation Using Cached Client Certificate Only    : Disabled
Usage Check    : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout   : 0
Ctl Identifier          : (null)
Ctl Store Name          : (null)
DS Mapper Usage    : Disabled
Negotiate Client Certificate    : Disabled

Many thanks!

I also wanted to mention that I am running the Linx server on Windows 2008 r2. I did not install IIS on this box. Do I need it?

Security mode is a property on the SOAPService instance as highlighted below.

Port 8022 is the default port Linx Server uses to expose its management application. Every instance of SOAPWebService or RESTWebService you create must have its own unique port. In the attached sample solution I’ve created two SOAPWebServices that return “Hello World”. One uses https over port 8023 and the other http over port 8024. To use the solution deploy it to your Linx Server

browse to the Linx Server management application

and start the two services.

Once they’ve started you can browse to them with any browser to view the wsdl and some basic info.

Once you can do this then you should be able to use the SOAPUI to call them.

You can bind one certificate to multiple ports. You do not need IIS installed. Our SOAPWebService and RESTWebService services use their own embedded web server.

Oh yes - I totally understand now. Thank you!

It has been several months since I first developed my SOAP web service using this platform. I totally forgot about setting up the end point from within the LinxDesigner.

This is all making sense now. Thank you so much for taking the time to write this up with such clarity and detail. I hope that this also helps other users and developers too.

My apologies for being so dense after your first response. I just couldn’t quite see the light until you provided this greater level of detail.

Many thanks!

No problem. We hope you find Linx useful.

I was so close! When I connect to the web service that is deployed as normal HTTP, I get a success from SoapUI. But when I connect to the same web service project on the same server, but deployed as HTTPS on a different port (as described above,) this is what I get:

415 Cannot process the message because the content type ‘text/xml;charset=UTF-8’ was not the expected type ‘application/soap+xml; charset=utf-8’.

In SoapUI, I then added a header for Content-Type and assigned it a value of application/soap+xml; charset=utf-8. Then I tried again, but this time I get this:

HTTP/1.1 400 Bad Request
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 26 May 2016 19:31:42 GMT

Any ideas how to resolve this?

Does it have something to do with the binding type for the service endpoint?

Many thanks!

In SoapUI, change the SOAP Version in the Interface properties to SOAP1.2.

If you find that you now get

The message with To ‘’ cannot be processed at the receiver, due to an AddressFilter mismatch at the EndpointDispatcher. Check that the sender and receiver’s EndpointAddresses agree.

make sure wsa:To is in the header by checking it in the SoapUI WS-A tab.

Thank you for your response. I actually just created a new SOAP Project in SoapUI, this time using the HTTPS URL for the WSDL. (Before, I did not create a new project in SoapUI for the HTTPS site. I had used the project created with the HTTP link to WSDL, and then changed the endpoint URL to be HTTPS.)

Once I had the new project created, I then made sure wsa:To was in the header by checking it in the SoapUI WS-A tab.

Now it is all working. Many thanks!

As an additional question, I was wondering which methods of authentication are available for https on a SOAP web service?

  1. Username and password
  2. Public Key authentication

Is it possible to configure these types of authentication with https on a SOAP web service?

Many thanks!

We currently support either Transport (https) or Message (x509 cert) security, not both at once. Let me know if it is something that you would like us to build in.

Okay - thanks!

I must be missing something because I don’t see where/how to setup the https SOAP web service to require a username and password. (I am using transport security.)

I went into the user settings in the Linx server web page, and I was able to add a user, and under “Role”, I set the user to be Web User and I checked the box for the web service.

Is there something else I need to do to the SOAP web service itself to require the authentication? Is there a web.config file that needs to be modified, or is there something in the WSDL that I need to change?

Many thanks!