axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <vincenzo.vit...@accenture.com>
Subject RE: Axis https/SSL Server Certificate Validation question
Date Wed, 22 Nov 2006 11:53:12 GMT
For avoiding certification validation, try to use the code:

AxisProperties.setProperty("axis.socketSecureFactory","org.apache.axis.c
omponents.net.SunFakeTrustSocketFactory");

it should solve your problem.


Regards,
Vicio.
 

-----Original Message-----
From: Magnus Bergman [mailto:magnus.bergman@voiceprovider.com] 
Sent: 22 novembre 2006 12.21
To: axis-user@ws.apache.org
Subject: Re: Axis https/SSL Server Certificate Validation question

This is no axis problem, but anyway,
i don't know how to bypass the certification verification.
But a solution to your problem is:

add the self signed server cert into a truststore file that you put in
your client-jar file and configure your client-app to use your shipped
trustore file? Something like this URL url =
   this.getClass().getClassLoader().getResource("truststore_in_jar");
JarURLConnection conn = (JarURLConnection) url.openConnection(); JarFile
jar = conn.getJarFile(); JarEntry entry =
jar.getJarEntry("truststore_in_jar");
InputStream is = jar.getInputStream(entry); File tmp =
File.createTempFile("certs", ".cer"); tmp.deleteOnExit();
FileOutputStream fos = new FileOutputStream(tmp); byte[] buffer = new
byte[1024]; int bytes; while( (bytes = is.read(buffer)) > 0 )
   fos.write(buffer, 0, bytes);
fos.close();
is.close();
url = tmp.toURL();
System.out.println("setting truststore to: " + url.getPath());
System.setProperty("javax.net.ssl.trustStore",url.getPath());

this will of course write a temporary truststore to your clients local
hard disk, but it works...

regards
Magnus


Luis Rivera wrote:
> 
>   Dear axis users,
> 
> I googled my way up to this point, but now I have to ask about this. I

> am sure it is being asked, but have not being able to find a way to do

> this, unless I am misunderstanding something.
> 
> OK, I want to use https for encryption using only Server side 
> authentication. I managed to create a self signed certificate for 
> tomcat, installed in a keystore and set up the server.xml file with 
> the right info. This works great, now I can use https to browse the 
> tomcat pages, axis Validation and make sure that my own Services 
> (based on axis
> 1.4) are deployed.
> 
> My WSDL is rpc/literal. so I basically locate the Service using the 
> right URL (https://host:port/axis/services/MyService) and got a 
> SSLHandshakeException!!!
> 
> So, I figured the problem might be that since the browser usually 
> prompts the user to confirm if the certificate should be trusted, now 
> my program was not able to trust the certificate. Therefore, I 
> basically added the certificate to the client jre cacerts file and 
> that solved the problem.
> 
> HOWEVER, I don't want my client to modify a file in its local hard 
> disk if possible. I want it to just ignore the fact that the 
> Certificate is not in the keystore and go on, just like I always say 
> "yes" when the browser pop up the dialog, since I am only caring for 
> encryption at this point.
> 
> So, the question is:
> 
> HOW DO i MAKE THE CLIENT BYPASS THE CERTIFICATE VERIFICATION step in 
> my client?
> 
> I believe I have to use a TrustManager and a SSL context, but I am not

> sure how to connect it to the axis Engine running under my client, 
> which is the one opening the context that matters for this and 
> subsequent connections.
> 
>   Thanks in advance, any tip will be appreciate,
>   --Luis R.
> 
> _________________________________________________________________
> Talk now to your Hotmail contacts with Windows Live Messenger. 
> http://clk.atdmt.com/MSN/go/msnnkwme0020000001msn/direct/01/?href=http
> ://get.live.com/messenger/overview
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
> 

--
------------------------------------
Magnus Bergman
www.voiceprovider.se
Mobile +46(0)733 63 42 08
Office +46(0)8 525 080 08
Fax +46(0)8 456 96 61
Slottsbacken 6
111 30 Stockholm
------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org



This message is for the designated recipient only and may contain privileged, proprietary,
or otherwise private information.  If you have received it in error, please notify the sender
immediately and delete the original.  Any other use of the email by you is prohibited.

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message