axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Uthaiyashankar <>
Subject Re: a HTTPS/SSL question
Date Wed, 29 Oct 2008 09:32:21 GMT

When you access an https endpoint, the certificate of that endpoint 
should be validated whether it can be trusted. This validation is based 
on, whether we trust any of the CA's of the certificate. This is same as 
what happened in a browser. If you access any https and if the browser 
can't validate the trust path, it will not allow (or give you a warning) 
to access the end point. AFAIK, in Axis2/C, we give the certificate 
chain file to verify this. I think, soapUI allows you access the 
endpoint without validating the certificate.


Vivian Wang wrote:
> Hi, there,
> I have a web service client using axis2/c to access a web site that is
protected with SSL (the url starts with https://). I didn't give a certificate chain file
path in the configuration file axis2.xml, so the web service client failed. However, if I
use soapUI (a free downloaded web service testing tool) to access the same serivce without
giving any SSL related setting (just like accessing a service starting with http://), it all
goes fine. What is the difference here? Is there any setting I can do in axis2/c to make it
work as soapUI?
> I noticed another similar thing. When a wsdl parser (from axis-j 1.4) tring to retrieve
a SSL-protected wsdl (I set it up in TOMCAT) using a URL that starts with https:, I have a
provide a client keystore (using jsse system.setProperty(....)) otherwise I will get an error
saying something like trustedstore not found, but soapUI was just fine loading the same wsdl.
What's really going on?
> Any help is much appreciated!
> Vivian
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Software Architect
WSO2 Inc. - "The Open Source SOA Company" 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message