axis-java-user mailing list archives

From "Michael D. Spence" <spe...@panix.com>
Subject RE: Axis and SSL
Date Tue, 17 Dec 2002 22:00:41 GMT
> -----Original Message-----
> From: Christer Holmér [mailto:Christer.Holmer@corustechnologies.com]
> Sent: Tuesday, December 17, 2002 7:35 AM
> To: axis-user@xml.apache.org
> Subject: AW: Axis and SSL
> 
> 
> This works if you have JSSE installed (included in JDK 1.4). See
> documentation at http://java.sun.com/products/jsse/. 
> 
> In short, set the following System properties:
> 	java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
> 	javax.net.ssl.keyStore=<keystore_file>
> 	javax.net.ssl.keyStoreType=JKS
> 	javax.net.ssl.keyStorePassword=<keystore_password>
> 	javax.net.ssl.trustStore=<truststore_file>
> 	javax.net.ssl.trustStoreType=JKS
> 	javax.net.ssl.trustStorePassword=<truststore_password>
> 
> Both the truststore and the keystore are Java Keystores, i.e. containers of
> keys and certificates. The truststore contains trusted certificates, i.e.
> trusted issuers of certificates (CA). The keystore contains your private key
> and the associated public key certificate. The keystore is only necessary if
> you are using client-authentication & SSL (which isn't so common).
> 

I've gotten past the original error but am still confused.  Please 
verify that when I include -Djavax.net.ssl.trustStore=<file> on 
the server command line it sets the system property 
javax.net.ssl.trustStore.  I'm new to Java, and this is One Of 
Those Things that's so obvious and basic it never appears anywhere.

There are now two different behaviors:

Server and Client on same system and I set the trustStore system
property:  Works, but Server prints warning messages about an
unauthenticated peer.  How can I make it stop doing that?  And
why does it care when I have clientAuth="false" in the relevant
Factory element in %CATALINA_HOME%\conf\server.xml?

(Server and Client on same system, and I DON'T set the trustStore
system property) OR (Server and Client on different systems).  I always get
"javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException:
Couldn't find trusted certificate".

I'm missing something important here but can't see what.  Any guidance?

Michael D. Spence
Mockingbird Data Systems, Inc.
M
