axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher S. Johnson" <johns...@clarkson.edu>
Subject Re: 2 Way SSL to WebLogic Server
Date Wed, 28 Sep 2005 14:34:37 GMT
Mel -

See inline..

On Tue, 27 Sep 2005, Mel Hama wrote:

> Can anyone give me some pointers on how to use 2-way ssl with an Axis
> client calling a WebLogic 8.1 web service?  I've set:
>
> System.setProperty("javax.net.ssl.keyStore", "clientstore");
> System.setProperty("javax.net.ssl.keyStorePassword", "password");
> System.setProperty("javax.net.ssl.trustStore", "truststore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "password");
>

Setting the JVM system properties works but I would recommend against it,
as it stops on the current properties and could open up problem later down
the road.

Another solution would be building your own custom socket factory as
described in the following thread..

http://marc.theaimsgroup.com/?l=axis-dev&m=112368752122921&w=2

> But when I call the web service it looks like the client isn't sending
> a certificate.  On the client side I get: "Caused
> by:javax.net.ssl.SSLHandshakeException: Received fatal alert:
> handshake_failure" and on the WebLogic server I get what looks like a
> handshake error there too.

Are you sure the server side is setup to trust the client certificate?
I've never configured this with WebLogic but it would be something to
check.

>
> Maybe I'm missing something here so if anyone can point me in the
> right direction, I'd appreciate it.  Oh ya, a couple of  things that
> are also bothering me are:
>
> - I specify the keyStore and password, but shouldn't I set the alias
> of the  certificate I want the client to send?

My guess is if the client keystore has more then one cert in it that JVM
takes the first one that matches with the same CA.. I could be wrong :)

> - Am I asking for too much by expecting Axis and WebLogic to
> interoperate?   But if I just do 1-way SSL, then my axis client can
> successfully talk to my WebLogic web service.

This also makes me think the server is not setup to accept the client to
to carry out mutual ssl.

>
> Thanks for any help!

Hope it helps..

> ..Mel
>

--
Chris Johnson
johnsocs@clarkson.edu

Mime
View raw message