axis-java-user mailing list archives

From StrongSteve <ste...@starkeweb.org>
Subject Re: Axis 2 - SSL with Client Authentication
Date Wed, 27 Aug 2008 14:06:57 GMT

Hi Everyone!

First of all, thanks for the quick answers.

I think now I am a step further, but I haven't quite reached the goal.

Thanks for the introduction on the client side, this is exactly what I am
doing! ;)

On the server side I have two files:

   - The .keystore contains my server certificate (key)
   - The .truststore contains the certificate (key) [This key comes from the
client's .keystore]

I was missing the entry "clientAuth=true" in the Tomcat's server.xml. Thanks
for the tip!

After changing this and restarting the Tomcat I have come across two
problems:

1.) When browsing to the WSDL-File with Firefox, I can not see anything, as
I do not have a valid client certificate. I tried to import a certificate,
that I exported with the keytool from the client's .keystore, but it is
rejected as it is not a valid PK-12. Any hints?

2.) My client can connect to the server, and I think that everything is
working - at least from the view of SSL. But the problem is that I get the
following error message: "Exception in thread "main"
org.apache.axis2.AxisFault: The service cannot be found for the endpoint
reference (EPR) https://XXXX:8443/axis2/services/RepositoryService"

How can I configure this EPR in the services.xml?

Thanks in Advance!
Stefan


SGruverman wrote:
> 
> First, I haven't used any of the Axis2 HTTPS support you mentioned. I
> don't
> know if this is typical of Axis2 web services, but most references I've
> seen to SSL use the facilities of the app server and javax.net.
> 
> Couple of questions to get started:
>    Is the "standard" SSL working (other than the client authentication)?
>    Does your Tomcat config include clientAuth="true"?
>    Does your Tomcat config include settings for keystorefile and
>    keystorepass as well as truststorefile and truststorepass?
>    On the server, the keystore contains the SSL certificate and the
>    truststore contains the certificate *of the Certificate Authority that
>    signed the certificate that the client is using for client
>    authentication.*
>    (I find this confusing - to keep it simple, I use the same keystore for
>    both. Not a "best practice", I think).
> 
>    Does your client System.setProperty() for javax.net.ssl.trustStore,
>    trustStorePassword, keyStore and keyStorePassword?
>    Here, the keystore contains the SSL client authentication certificate
>    and the truststore contains the certificate *of the Certificate
>    Authority that signed the server SSL certificate*.
> 
> Another useful property to set is javax.net.debug - set it to "ssl" to get
> a bunch of SSL diagnostics.
> 
> I'm still pretty new to this stuff, so I'm not certain of this information
> (but it seems to work for us). Please jump in and correct me if I'm wrong!
> 
> Anyway, I hope this helps.
> 
> - Steve
> 
> ______________________________________________
> Steve Gruverman, Programmer
> IntelliCare, Inc. | A Medco Health Solutions Company
> 
> 500 Southborough Drive | South Portland ME 04106
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Axis-2---SSL-with-Client-Authentication-tp19180080p19181697.html
Sent from the Axis - User mailing list archive at Nabble.com.
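
Added example, not part of the original message or the Axis2 project: a browser can only present a client certificate if it is imported together with its private key as a PKCS#12 file, while `keytool -export` writes the certificate alone. The sketch below copies every private-key entry, with its certificate chain, from the client's keystore into a new PKCS#12 file and reports entries that hold only a certificate. The class name and argument order are hypothetical, and it assumes a JKS keystore whose key password equals the store password.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example (hypothetical class name).
// Usage: java ClientKeyToPkcs12 <client.keystore> <out.p12>
public class ClientKeyToPkcs12 {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): ClientKeyToPkcs12 <keystore> <out.p12>");
            System.exit(2);
        }
        // Assumption: the key password is the same as the store password.
        char[] pass = console.readPassword("Keystore password: ");
        KeyStore src = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            src.load(in, pass);
        }
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        p12.load(null, null); // start from an empty PKCS#12 store
        int exported = 0;
        for (String alias : Collections.list(src.aliases())) {
            Certificate[] chain = src.getCertificateChain(alias);
            if (src.isKeyEntry(alias) && chain != null) {
                Key key = src.getKey(alias, pass);
                p12.setKeyEntry(alias, key, pass, chain);
                exported++;
                System.out.println(alias + ": private key + chain of " + chain.length + " exported");
            } else {
                // A trusted-certificate entry has no private key, so it cannot prove identity.
                System.out.println(alias + ": certificate only, skipped");
            }
        }
        if (exported == 0) {
            System.err.println("No private-key entry found; nothing usable for client authentication.");
            System.exit(1);
        }
        try (OutputStream out = new FileOutputStream(args[1])) {
            p12.store(out, pass); // the output holds a private key: restrict file permissions
        }
    }
}
```

The resulting file contains the client's private key, so it should be handled like the keystore it came from.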

