axis-c-dev mailing list archives

From Vivian Wang <>
Subject Re: a HTTPS/SSL question
Date Thu, 30 Oct 2008 04:50:58 GMT
Hi Dumindu,

So is it hard to provide such an option (turn on/off validation)?
I think this limitation really restricts axis2/c's usage under SSL.
In my case, I would like to access salesforce web service using a WSDL
referred to by the URL:

All I know is this URL, and I don't know the CA certificate and server cert, and I am not
sure if they have one. I also have no way to know their server host and port, so I won't be
able to get their cert using the openSSL commands listed in the axis2/c manual.

Any workarounds?



>Hi Vivian,
>Please find my comment inline:
>On Wed, Oct 29, 2008 at 11:44 PM, Vivian Wang <> wrote:
>> So is there an option in axis2/c that I can turn off the certificate
>> validation?
>No we don't support that at the moment.
>> I think this is important because from a client point of view, lots of
>> times when I want to access a web service under SSL using https://.. I
>> know that is the site I want to go.
>Yes web browsers do support that, but in reality you don't know if
>that truly is the site that you want to access, if you don't have the
>server's certificate beforehand. (someone can spoof dns and appear
>themselves as Yes I have neglected about well known
>Certificate Authorities for simplicity. If you trust the CA that issued the
>server cert, all you need is the CA's certificate.
>> And just like you said, browsers will ask you if you want to trust the site
>> and I can say yes or no. It would also be very inconvenient for a client to
>> have to get the certificate from a service provider (they may not give you).

>Anyway, if it is only for testing, what you can do is to follow the Axis2/C
>manual and retrieve the server cert from the server. [1] (refer to
>sec. 13.1.2 Configuration). Well you can do this even if it was not for
>testing, but it is not recommended to do so.
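
Added example, not part of the original messages or of the Axis2/C manual: an https:// URL already names the host, and the port defaults to 443 when none is given, so the endpoint for the certificate retrieval step mentioned in the reply can be derived from the URL alone. The function names and the `service.example` host are assumptions made for illustration; IPv6 literals are not handled.

```shell
#!/bin/sh
# Added example: derive host:port from an https:// URL and inspect the
# certificate the server presents. Function names are hypothetical and
# service.example is a placeholder host.

# Print "host:port" for an https URL; the port defaults to 443 when absent.
endpoint_from_url() {
    url=$1
    case $url in
        https://*) rest=${url#https://} ;;
        *) echo "not an https URL: $url" >&2; return 1 ;;
    esac
    authority=${rest%%[/?#]*}      # drop path, query and fragment
    authority=${authority##*@}     # drop any userinfo
    case $authority in
        \[*) echo "IPv6 literals are not handled here" >&2; return 1 ;;
        *:*) host=${authority%%:*}; port=${authority##*:} ;;
        *)   host=$authority; port=443 ;;
    esac
    [ -n "$host" ] || { echo "no host in URL: $url" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    printf '%s:%s\n' "$host" "$port"
}

# Fetch the chain the server presents, print the leaf certificate's subject,
# issuer, validity dates and SHA-256 fingerprint, then OpenSSL's verification
# result against the local default CA store.
show_server_cert() {
    endpoint=$(endpoint_from_url "$1") || return 1
    host=${endpoint%:*}
    out=$(openssl s_client -connect "$endpoint" -servername "$host" \
              -showcerts </dev/null 2>/dev/null) || true
    # openssl x509 reads the first PEM block, which is the leaf certificate.
    printf '%s\n' "$out" | openssl x509 -noout -subject -issuer -dates \
        -fingerprint -sha256 || return 1
    printf '%s\n' "$out" | grep 'Verify return code'
}

# Runs only when a URL is given: sh fetch_cert.sh https://service.example/path
if [ $# -gt 0 ]; then show_server_cert "$1"; fi
```

A `Verify return code: 0 (ok)` line means the chain validated against the local CA store, which is the case where the issuing CA's certificate is all the client needs. Otherwise, compare the printed fingerprint with one obtained from the service provider before trusting the retrieved certificate.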



