axis-java-user mailing list archives

From Tom Oinn <...@ebi.ac.uk>
Subject Re: using certificate to access wsdl file
Date Tue, 18 May 2004 22:34:20 GMT
Srikrishna,

I guess you've already done this, but have you created a client-side
certificate / private key pair using keytool -genkey? As I understood it,
we needed to generate an arbitrary public/private key pair for the
client as well as importing the server certificate to get this to work.
Because the communication is secured in both directions, the SSL layer
needs a public key from each end; if you haven't created a client-side
cert, it won't be able to establish a communication at all with SSL.

It would seem a bit strange for the service provider to be issuing
client-side certificates, mostly because these are identities to be used
by a particular client and as such should be maintained and held by the
client rather than being centrally issued. The server then imports your
client certificate (I think?) as a trusted cert, or, more usually, uses
the information in the certificate chain on the client certificate to
implicitly trust it. *NOTE* I am not a Java security expert, so this may
be completely wrong; it's just my understanding as gleaned from some
experience and a lot of web browsing.

It looks like the CN is fine; we were hitting the error earlier than the
stage you reached when we had problems. In our case the problem was
caused by the CN being set to 'bioplanet' (or similar) but the hostname
being bioplanet.ac.jp or somesuch; IE throws up a warning and Java
raises an exception in this case. I don't actually think this is your
problem; this is more to put this on the list archive in case anyone
else runs into it :)

HTH,

Tom
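
Added example, not part of Tom's message or of Axis: a simplified model of the CN-versus-hostname comparison behind the mismatch described in the last paragraph of the message above. The class name, the subject DNs and their O/C values are constructed for illustration, and real HTTPS hostname verification also consults subjectAltName entries, which this sketch ignores.

```java
import java.util.Locale;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration (hypothetical class name): compares the CN of a
// certificate subject with the hostname the client connected to.
public class CnHostnameCheck {

    // Pull the CN value out of a subject DN such as "CN=host, O=Org, C=JP".
    static String commonName(String subjectDn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return null; // subject carries no CN at all
    }

    // Exact, case-insensitive comparison; a CN of the form "*.example.org"
    // covers exactly one leftmost label of the hostname.
    static boolean matches(String cn, String host) {
        if (cn == null || host == null) {
            return false;
        }
        String c = cn.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (c.startsWith("*.")) {
            int dot = h.indexOf('.');
            return dot > 0 && h.substring(dot).equals(c.substring(1));
        }
        return c.equals(h);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed subject DNs; only the CN and hostname shapes follow the message.
        String[][] cases = {
            {"CN=bioplanet, O=Example, C=JP", "bioplanet.ac.jp"},       // short name in CN
            {"CN=bioplanet.ac.jp, O=Example, C=JP", "bioplanet.ac.jp"}, // fully qualified CN
            {"CN=*.example.org, O=Example, C=JP", "www.example.org"},   // wildcard CN
            {"O=Example, C=JP", "bioplanet.ac.jp"},                     // subject without a CN
        };
        for (String[] tc : cases) {
            String cn = commonName(tc[0]);
            System.out.printf("CN=%s host=%s -> %s%n", cn, tc[1],
                    matches(cn, tc[1]) ? "match" : "MISMATCH");
        }
    }
}
```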

