axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manjula Peiris <manj...@wso2.com>
Subject RE: certificate file for communicating via https
Date Sat, 04 Oct 2008 03:52:20 GMT

On Fri, 2008-10-03 at 12:14 -0400, Raghu Udupa wrote:
> Thanks Manjula. I need a couple more clarifications,
> 
> 1) If I store multiple certificates in a PFX file, how would
> axis2c/rampart know which certificate to use?

You need to provide the password in order to retrieve the certifcate.

> 
> 1.1) Does it go by the domain name in the URI? If so, what is the
> criteria?  That is, if URI is
> www.webservices.com/axis2/services/myservice, then, does it use the
> domain www.webservices.com for retrieving the certificate.
> 
> 1.2) Do I need to specify a password for each certificate?

> 2) You mention providing .pfx file and password to Rampart/C. My
> thinking was to specify PFX file in axis2.xml under SERVER_CERT. There
> is no tag in axis2.xml for specifying password. Where do I specify the
> password? Can I do it programmatically or through module.xml? 

The SEVER_CERT is for https clients. It has no relation to Rampart/C,
where it is focused on Message level Security.

> 
> 3) This is just a reconfirmation. In the client guide, it is mentioned
> that I can specify a PEM file. As long as PEM file is one certificate
> per PEM file, can I still use a PEM file.

One PEM file should contain one certificate.

> 
> Thanks,
> Raghu
> 
> -----Original Message-----
> From: Manjula Peiris [mailto:manjula@wso2.com] 
> Sent: Friday, September 19, 2008 5:35 AM
> To: Apache AXIS C User List
> Subject: Re: certificate file for communicating via https
> 
> 
> On Thu, 2008-09-18 at 17:01 -0400, Raghu Udupa wrote:
> > If a web services client wants to communicate with different servers,
> > can certificates for different servers be specified in one PEM file.
> > For curl, you can specify a single certificate file which can contain
> > multiple certificates. I would like to know whether axis2c provides
> > this feature.
> 
> No you can't specify it in one PEM file. Rampart/C the Axis2/C security
> project does not support that. But you can store all the certificates in
> a pfx key store and provide Rampart/C with the .pfx file with the
> password to retrieve the certificate from the key store. 
> 
> 
> > 
> >  
> > 
> > Thanks,
> > 
> > Raghu
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org


Mime
View raw message