axis-c-dev mailing list archives

From "Senaka Fernando" <sen...@wso2.com>
Subject Re: HTTPS support -- different implementation from AXIS-J
Date Wed, 13 Feb 2008 09:25:09 GMT
Hi Dumindu,

I suggest "certificates file", instead of "client certificate chain file"
according to [1]

[1] http://www.openssl.org/docs/apps/verify.html

Regards,
Senaka

> Well "client certificate chain" may not be the best term to use. Any
> suggestions?
>
> -Dumindu.
>
> On Feb 13, 2008 2:21 PM, Dumindu Pallewela <pallewela@gmail.com> wrote:
>> Hi Senaka,
>>
>> Yes, that's why I said that he can directly use the server certificate
>> :)
>>
>> However, in axis2 manual, what is referred to as the certificate chain
>> file has nothing to do with CA verification, but client
>> authentication. This is the file which has both the client certificate
>> and client private key.
>>
>> Regards,
>> Dumindu.
>>
>>
>> On Feb 13, 2008 2:08 PM, Senaka Fernando <senaka@wso2.com> wrote:
>> > Hi Dumindu,
>> >
>> > We've done some modifications to CA cert verification. There Vivi
>> > would not want to store the entire cert chain locally.
>> >
>> > Regards,
>> > Senaka
>> >
>> >
>> > > Hi Vivian,
>> > >
>> > >>
>> > >> (1) I looked at the manuals you referred to, it seems to me that I
>> > >> will need to re-compile the AXIS2/c to enable ssl. My question is
>> > >> this, is the downloaded binary from AXIS2/c side SSL enabled?
>> > >
>> > > No, you have to compile source with --enable-openssl option set.
>> > >
>> > >>
>> > >> (2) Now suppose I have an AXIS2/c based client, and an AXIS-j
>> > >> (v1.4) + TOMCAT based server component, will the HTTPS continue to
>> > >> work if I set up key chain file for the client and set up keystore
>> > >> file for the AXIS-J/TOMCAT based server? Did anyone ever test this
>> > >> scenario? and how to test?
>> > >
>> > > Well, I haven't tested this particular scenario myself and I'm not
>> > > sure if someone else has tested it already either. But we have
>> > > tested our https transport against other servers and there is no
>> > > reason that I can think of, why it would fail for TOMCAT.
>> > >
>> > > Of course you are welcome to test this scenario, I can help you with
>> > > setting up the axis2/c client, but I am not sure how TOMCAT should
>> > > be dealt with. However, if you can set up https for TOMCAT somehow,
>> > > you can check if it is working properly, by pointing your browser to
>> > > the end point url.
>> > >
>> > > Then the easiest way to configure AXIS2/C client is to provide the
>> > > same server certificate that you have used in TOMCAT server for the
>> > > SERVER_CERT parameter in axis2.xml. Note that there is no need for a
>> > > key-chain file or a pass-phrase if you do not want client
>> > > authentication.
>> > >
>> > >
>> > > HTH,
>> > > Dumindu.
>> > >
>> > > --
>> > > Dumindu Pallewela
>> > > http://blog.dumindu.com
>> > > GPG ID: 0x9E131672
>> > >
>> > > WSO2 | "Oxygenating the Web Service Platform" | http://wso2.com
>> > >
>> >
>> > > ---------------------------------------------------------------------
>> > > To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
>> > > For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>> > >
>> > >
>> >
>> >
>> >
>> >
>>
>>
>>
>> --
>>
>> Dumindu Pallewela
>> http://blog.dumindu.com
>> GPG ID: 0x9E131672
>>
>> WSO2 | "Oxygenating the Web Service Platform" | http://wso2.com
>>
>
>
>
> --
> Dumindu Pallewela
> http://blog.dumindu.com
> GPG ID: 0x9E131672
>
> WSO2 | "Oxygenating the Web Service Platform" | http://wso2.com
>
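
The two files this thread is naming, shown as an added example that is not part of the original messages: a certificates file used to verify the server (checked with `openssl verify`, as in [1]) and a client authentication file holding the client certificate and its private key. The PKI is constructed throwaway material, and all file and function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo material: throwaway CA, server and client credentials.
# All file and function names are hypothetical.

make_demo_pki() {
    dir=$1
    # Self-signed CA that issues both leaf certificates.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    for name in server client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$name" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.pem" \
            -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
            -out "$dir/$name.pem" 2>/dev/null || return 1
    done
    # Client authentication file: client certificate followed by its private key.
    cat "$dir/client.pem" "$dir/client.key" > "$dir/client_chain.pem"
}

# Succeeds only if certificate $2 chains to a certificate in certificates file $1.
verifies_against() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if file $1 holds a certificate and the private key that matches it.
has_matching_cert_and_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

demo_dir=$(mktemp -d) || exit 1
make_demo_pki "$demo_dir" || exit 1
if verifies_against "$demo_dir/ca.pem" "$demo_dir/server.pem"; then
    echo "certificates file (CA): server certificate verifies"
fi
if ! verifies_against "$demo_dir/client_chain.pem" "$demo_dir/server.pem"; then
    echo "client certificate + key file: cannot verify the server"
fi
if has_matching_cert_and_key "$demo_dir/client_chain.pem"; then
    echo "client certificate + key file: certificate and key match"
fi
rm -rf "$demo_dir"
```
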


