Return-Path: Delivered-To: apmail-ws-axis-user-archive@www.apache.org Received: (qmail 5733 invoked from network); 20 Dec 2006 05:51:29 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 20 Dec 2006 05:51:29 -0000 Received: (qmail 72796 invoked by uid 500); 20 Dec 2006 05:51:24 -0000 Delivered-To: apmail-ws-axis-user-archive@ws.apache.org Received: (qmail 72776 invoked by uid 500); 20 Dec 2006 05:51:24 -0000 Mailing-List: contact axis-user-help@ws.apache.org; run by ezmlm Precedence: bulk Reply-To: axis-user@ws.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list axis-user@ws.apache.org Received: (qmail 72765 invoked by uid 99); 20 Dec 2006 05:51:24 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Dec 2006 21:51:24 -0800 X-ASF-Spam-Status: No, hits=2.5 required=10.0 tests=HTML_MESSAGE,NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: local policy) Received: from [203.91.193.23] (HELO wip-ectls-mx3.wipro.com) (203.91.193.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Dec 2006 21:51:14 -0800 Received: from wip-ectls-mx3.wipro.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with ESMTP id 1A58022417C for ; Wed, 20 Dec 2006 11:20:51 +0530 (IST) Received: from blr-ec-bh02.wipro.com (blr-ec-bh02.wipro.com [10.201.50.92]) by wip-ectls-mx3.wipro.com (Postfix) with ESMTP id 04D64224127 for ; Wed, 20 Dec 2006 11:20:51 +0530 (IST) Received: from HYD-MDP-MBX01.wipro.com ([10.150.50.182]) by blr-ec-bh02.wipro.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 20 Dec 2006 11:20:51 +0530 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C723FA.CDD7A10A" Subject: RE: Accessing axis2 based web service with https Date: Wed, 20 Dec 2006 11:25:03 +0530 Message-ID: <20D88322B9D55444A327FEB661C303900368B680@HYD-MDP-MBX01.wipro.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Accessing axis2 based web service with https Thread-Index: Accjr8+bUt5/4NsgRlKu9Ax9hUY45wAAmfngABInToA= From: To: X-OriginalArrivalTime: 20 Dec 2006 05:50:51.0311 (UTC) FILETIME=[CE4A23F0:01C723FA] X-Virus-Checked: Checked by ClamAV on apache.org ------_=_NextPart_001_01C723FA.CDD7A10A Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Gul, =20 >>>Then I have created a certificate using keytool and imported it into= client's truststore.=20 I assume that if you don't need client authentication, then there is no= need to create another certificate for client. The tomcat servers certificate should be imported to your clients= truststore. =20 If both client and server authentication is needed then your clients= certificate should be imported in your server's keystore. =20 And all this is needed only if your certificates are self-signed. =20 Others any different opinions??? =20 Regards, Subir S ________________________________ From: Gul Onural [mailto:onural@nortel.com]=20 Sent: Wednesday, December 20, 2006 2:45 AM To: axis-user@ws.apache.org; Martin Gainty Subject: RE: Accessing axis2 based web service with https =20 Thanks Martin. =20 My understanding is that the keyStore and keyStorePassword are required on= the server side, not in the client side. That is why I haven't set these attributes in the client code.=20 =20 Is my understanding wrong ? =20 The keytool -list properly lists my certificate by the way, but client= cannot invoke any operations through https.. =20 Is there anyone successfully used https to invoke any web service operation= using Axis2 1.1 release or nightly ? If yes, can you share the details ? Thanks, =20 Gul =20 =20 ________________________________ From: Martin Gainty [mailto:mgainty@hotmail.com]=20 Sent: Tuesday, December 19, 2006 3:53 PM To: axis-user@ws.apache.org Subject: Re: Accessing axis2 based web service with https I didnt see jeyStore and keyStorePassword attributes javax.net.ssl.keyStore /*full path to .ks (Keysore) file*/ javax.net.ssl.keyStorePassword /*Password that protects keyfile */ also.. if you had used this command to import the cert NameOfCert.crt into the= keyfile NameOfKeyStoreFile keytool -import=20 -keystore NameOfKeyStoreFile -alias cert_server=20 -storepass changeit -file NameOfCert.crt then you should verify the certificate is properly imported into keystore= with keytool -list -keystore NameOfKeyStoreFile=20 -alias cert_server -storepass changeit=20 -v Anyone else? M- ---------------------------------------------------------------------------= =20 This e-mail message (including attachments, if any) is intended for the use= of the individual or entity to which it is addressed and may contain= information that is privileged, proprietary , confidential and exempt from= disclosure. If you are not the intended recipient, you are notified that= any dissemination, distribution or copying of this communication is= strictly prohibited. ---------------------------------------------------------------------------= =20 Le pr=E9sent message =E9lectronique (y compris les pi=E8ces qui y sont= annex=E9es, le cas =E9ch=E9ant) s'adresse au destinataire indiqu=E9 et= peut contenir des renseignements de caract=E8re priv=E9 ou confidentiel.= Si vous n'=EAtes pas le destinataire de ce document, nous vous signalons= qu'il est strictement interdit de le diffuser, de le distribuer ou de le= reproduire. ----- Original Message -----=20 From: Gul Onural =20 To: axis-user@ws.apache.org=20 Sent: Tuesday, December 19, 2006 3:22 PM Subject: Accessing axis2 based web service with https=20 =20 =20 Hi,=20 I have followed tomcat https/ssl configuration document under= http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html= =20 to configure tomcat for https/ssl.=20 Then I have created a certificate using keytool and imported it into= client's truststore.=20 I have added the following two properties to my client code :=20 System.setProperty("javax.net.ssl.trustStore", "truststore path");=20 System.setProperty("javax.net.ssl.trustStorePassword", "password");=20 I am using Axis2 1.1 branch nightly and getting "PKIX path building= failed" exception.=20 What else needs to be done to get the a client working with https ?=20 Gul=20 =20 INFO: I/O exception (org.apache.axis2.AxisFault) caught when processing= request: sun.security.validator.ValidatorExce=20 ption: PKIX path building failed:= sun.security.provider.certpath.SunCertPathBuilderException: unable to find= valid certification=20 path to requested target; nested exception is:=20 com.ctc.wstx.exc.WstxIOException:= sun.security.validator.ValidatorException: PKIX path building failed:= sun.s=20 ecurity.provider.certpath.SunCertPathBuilderException: unable to find= valid certification path to requested target=20 Dec 19, 2006 3:12:45 PM org.apache.commons.httpclient.HttpMethodDirector= executeWithRetry=20 INFO: Retrying request=20 The information contained in this electronic message and any attachments to= this message are intended for the exclusive use of the addressee(s) and= may contain proprietary, confidential or privileged information. If you= are not the intended recipient, you should not disseminate, distribute or= copy this e-mail. Please notify the sender immediately and destroy all= copies of this message and any attachments.=20 WARNING: Computer viruses can be transmitted via email. The recipient= should check this email and any attachments for the presence of viruses.= The company accepts no liability for any damage caused by any virus= transmitted by this email. =20 www.wipro.com ------_=_NextPart_001_01C723FA.CDD7A10A Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Accessing axis2 based web service with https

Hi= Gul,

 

>>>Then I have created a certificate using keytool and imported it into client's= truststore.

I assume that= if you don’t need client authentication, then there is no need to create= another certificate for client.

The tomcat= servers certificate should be imported to your clients= truststore.

 

If both client= and server authentication is needed then your clients certificate should be imported in your server’s keystore.

 

And all this= is needed only if your certificates are= self-signed.

 

Others any= different opinions???

 

Regards,=

Subir= S

From: Gul= Onural [mailto:onural@nortel.com]
Sent: Wednesday, December= 20, 2006 2:45 AM
To: axis-user@ws.apache.org; Martin Gainty
Subject: RE: Accessing axis2= based web service with https

 

Thanks= Martin.

 

My understanding is that the keyStore= and keyStorePassword are required on the server side, not in the client= side.

That is why I haven't set these= attributes in the client code.

 

Is my understanding wrong= ?

 

The keytool -list properly lists my certificate by the way, but client cannot invoke any operations through= https..

 

Is there anyone successfully used= https to invoke any web service operation using Axis2 1.1 release or nightly= ?

If yes, can you share the details ?= Thanks,

 

Gul

 

 

From:= Martin Gainty [mailto:mgainty@hotmail.com]=
Sent: Tuesday, December 19,= 2006 3:53 PM
To: axis-user@ws.apache.org
Subject: Re: Accessing axis2= based web service with https

I didnt see jeyStore and keyStorePassword= attributes

javax.net.ssl.keyStore /*full path to .ks (Keysore)= file*/

javax.net.ssl.keyStorePassword /*Password that protects keyfile= */

also..

if you had used this command to import the cert NameOfCert.crt into the keyfile NameOfKeyStoreFile

keytool -import 

-keystore NameOfKeyStoreFile





-alias cert_server 

-storepass changeit

-file NameOfCert.crt

then you should verify the certificate is properly imported into keystore with

keytool -list -keystore NameOfKeyStoreFile 

-alias cert_server

-storepass changeit 

-v
Anyone else?

M-

--------------------------------------------------------= -------------------
This e-mail message (including attachments, if any) is intended for the use= of the individual or entity to which it is addressed and may contain= information that is privileged, proprietary , confidential and exempt from disclosure.= If you are not the intended recipient, you are notified that any= dissemination, distribution or copying of this communication is strictly prohibited.
---------------------------------------------------------------------------=
Le pr=E9sent message =E9lectronique (y compris les pi=E8ces qui y sont= annex=E9es, le cas =E9ch=E9ant) s'adresse au destinataire indiqu=E9 et peut contenir des renseignements de caract=E8re priv=E9 ou confidentiel. Si vous n'=EAtes pas= le destinataire de ce document, nous vous signalons qu'il est strictement= interdit de le diffuser, de le distribuer ou de le= reproduire.

----- Original Message -----=

From:= Gul= Onural

Sent: Tuesday,= December 19, 2006 3:22 PM

Subject: Accessing= axis2 based web service with https

 

 

Hi,

I have followed tomcat https/ssl configuration document under= http://tomcat.apache.org/tomcat-5.5= -doc/ssl-howto.html
to configure tomcat for https/ssl.

Then I have created a certificate using keytool and imported it into client's= truststore.

I have added the following two properties to my client code :=
System.setProperty("javax.net.ssl.trustStore", "truststore path");=
System.setProperty("javax.net.ssl.trustStorePassword", "password"<= /span>);

I am using Axis2 1.1 branch nightly and getting "PKIX path building failed" exception.
What else needs to be done to get the a client working with https= ?

Gul

 

INFO: I/O exception (org.apache.axis2.AxisFault) caught when processing request: sun.security.validator.ValidatorExce
ption: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification

path to requested target; nested exception is:
      = ;  com.ctc.wstx.exc.WstxIOException:= sun.security.validator.ValidatorException: PKIX path building failed: sun.s
ecurity.provider.certpath.SunCertPa= thBuilderException: unable to find valid certification path to requested target=
Dec 19, 2006 3:12:45 PM org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
INFO: Retrying request


The information contained in this electronic message and any attachments to= this message are intended for the exclusive use of the addressee(s) and= may contain proprietary, confidential or privileged information. If you= are not the intended recipient, you should not disseminate, distribute or= copy this e-mail. Please notify the sender immediately and destroy all= copies of this message and any attachments.

WARNING: Computer viruses can be transmitted via email. The recipient= should check this email and any attachments for the presence of viruses.= The company accepts no liability for any damage caused by any virus= transmitted by this email.

www.wipro.com
------_=_NextPart_001_01C723FA.CDD7A10A--