axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From StrongSteve <>
Subject Re: Axis 2 - SSL with Client Authentication
Date Wed, 27 Aug 2008 14:06:57 GMT

Hi Everyone!

First of all, thanks for the quick answers.

I think now I am a step further, but I haven't quite reached the goal.

Thanks for the introduction on the client side, this is exactly what I am
doing! ;)

On the server side I have two file:

   - The .keystore contains my server certificate (key)
   - The .truststore contains the certificate (key) [This key comes from the
client's .keystore]

I was missing the entry "clientAuth=true" in the Tomcat's server.xml. Thanks
for the tip!

After changing this and restarting the Tomcat I have come accross two

1.) When browsing to the WSDL-File with Firefox, I can not see anything, as
I do not have a valid client certificate. I tried to import a certificate,
that I exported with the keytool from the client's .keystore, but it is
rejected as it is not a valid PK-12. Any hints?

2.) My client can connect to the server, and I think that everything is
working - at least from the view of SSL. But the problem is that I get the
following error message: "Exception in thread "main"
org.apache.axis2.AxisFault: The service cannot be found for the endpoint
reference (EPR) https://XXXX:8443/axis2/services/RepositoryService"

How can I configure this EPR in the services.xml?

Thanks in Advance!

SGruverman wrote:
> First, I haven't used any of the Axis2 HTTPS support you mentioned. I
> don't
> know if this is typical of Axis2 web services, but most references I've
> seen to SSL use the facilities of the app server and
> Couple of questions to get started:
>    Is the "standard" SSL working (other than the client authentication)?
>    Does your Tomcat config include clientAuth="true"?
>    Does your Tomcat config include settings for keystorefile and
>    keystorepass as well as truststorefile and truststorepass?
>    On the server, the keystore contains the SSL certificate and the
>    truststore contains the certificate *of the Certificate Authority that
>    signed the certificate that the client is using for client
>    authentication.*
>    (I find this confusing - to keep it simple, I use the same keystore for
>    both. Not a "best practice", I think).
>    Does your client System.setProperty() for,
>    trustStorePassword, keyStore and keyStorePassword?
>    Here.  the keystore contains the SSL client authentication certificate
>    and the truststore contains the certificate *of the Certificate
>    Authority that signed the server SSL certificate*.
> Another useful property to set is - set it to "ssl" to get
> a bunch of SSL diagnostics.
> I'm still pretty new to this stuff, so I'm not certain of this information
> (but it seems to work for us). Please jump in and correct me if I'm wrong!
> Anyway, I hope this helps.
> - Steve
> ______________________________________________
> Steve Gruverman, Programmer
> IntelliCare, Inc. | A Medco Health Solutions Company
> 500 Southborough Drive | South Portland ME 04106
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View this message in context:
Sent from the Axis - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message