axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject RE: Accessing axis2 based web service with https
Date Wed, 20 Dec 2006 05:55:03 GMT

Hi Gul,


>>>Then I have created a certificate using keytool and imported it into client's

I assume that if you don't need client authentication, then there is no need to create another
certificate for client.

The tomcat servers certificate should be imported to your clients truststore.


If both client and server authentication is needed then your clients certificate should be
imported in your server's keystore.


And all this is needed only if your certificates are self-signed.


Others any different opinions???



Subir S


From: Gul Onural [] 
Sent: Wednesday, December 20, 2006 2:45 AM
To:; Martin Gainty
Subject: RE: Accessing axis2 based web service with https


Thanks Martin.


My understanding is that the keyStore and keyStorePassword are required on the server side,
not in the client side.

That is why I haven't set these attributes in the client code. 


Is my understanding wrong ?


The keytool -list properly lists my certificate by the way, but client cannot invoke any operations
through https..


Is there anyone successfully used https to invoke any web service operation using Axis2 1.1
release or nightly ?

If yes, can you share the details ? Thanks,






From: Martin Gainty [] 
Sent: Tuesday, December 19, 2006 3:53 PM
Subject: Re: Accessing axis2 based web service with https

I didnt see jeyStore and keyStorePassword attributes /*full path to .ks (Keysore) file*/ /*Password that protects keyfile */


if you had used this command to import the cert NameOfCert.crt into the keyfile NameOfKeyStoreFile

keytool -import 

-keystore NameOfKeyStoreFile

-alias cert_server 

-storepass changeit

-file NameOfCert.crt

then you should verify the certificate is properly imported into keystore with

keytool -list -keystore NameOfKeyStoreFile 

-alias cert_server

-storepass changeit 

Anyone else?


This e-mail message (including attachments, if any) is intended for the use of the individual
or entity to which it is addressed and may contain information that is privileged, proprietary
, confidential and exempt from disclosure. If you are not the intended recipient, you are
notified that any dissemination, distribution or copying of this communication is strictly
Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant)
s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé
ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il
est strictement interdit de le diffuser, de le distribuer ou de le reproduire.

	----- Original Message ----- 

	From: Gul Onural <>  


	Sent: Tuesday, December 19, 2006 3:22 PM

	Subject: Accessing axis2 based web service with https 




	I have followed tomcat https/ssl configuration document under
	to configure tomcat for https/ssl. 

	Then I have created a certificate using keytool and imported it into client's truststore.

	I have added the following two properties to my client code : 
	System.setProperty("", "truststore path"); 
	System.setProperty("", "password"); 

	I am using Axis2 1.1 branch nightly and getting "PKIX path building failed" exception. 
	What else needs to be done to get the a client working with https ? 



	INFO: I/O exception (org.apache.axis2.AxisFault) caught when processing request:

	ption: PKIX path building failed:
unable to find valid certification 

	path to requested target; nested exception is: 
	        com.ctc.wstx.exc.WstxIOException: PKIX
path building failed: sun.s 
	ecurity.provider.certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target 
	Dec 19, 2006 3:12:45 PM org.apache.commons.httpclient.HttpMethodDirector executeWithRetry

	INFO: Retrying request 

The information contained in this electronic message and any attachments to this message are
intended for the exclusive use of the addressee(s) and may contain proprietary, confidential
or privileged information. If you are not the intended recipient, you should not disseminate,
distribute or copy this e-mail. Please notify the sender immediately and destroy all copies
of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email
and any attachments for the presence of viruses. The company accepts no liability for any
damage caused by any virus transmitted by this email.
View raw message