axis-java-user mailing list archives

From kancansan <kancan...@gmail.com>
Subject Axis2 with SSL Host Name Verification
Date Tue, 04 Nov 2008 08:32:02 GMT

Hi All,

I am using Axis2 and Tomcat.
I would like to use SSL with two-way authentication and host name
verification.
For this purpose, I did the following:

1-Create ssl server keystore and certificate with keytool.
2-Create client keystore and certificate with keytool.
3-Create server trusted keystore and import client certificate in it.
4-Create client trusted keystore and import server certificate in it.


In Tomcat's server.xml, I did the following things:

		<Connector SSLEnabled="true" clientAuth="true"
			keystoreFile="D:\SSL\server.keystore" keystorePass="pass"
			keystoreType="jks"  
			truststoreFile="D:\SSL\servertrusted.keystore" 
			truststorePass="pass"
			truststoreType="jks" maxThreads="150" port="8443"
			protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS" />

And in the Java code, I set some properties like:

        System.setProperty("javax.net.ssl.trustStore", "D:/SSL/clienttrusted.keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "pass");
        System.setProperty("javax.net.ssl.trustStoreType", "jks");

        System.setProperty("javax.net.ssl.keyStore", "D:/SSL/client.keystore");
        System.setProperty("javax.net.ssl.keyStorePassword", "pass");
        System.setProperty("javax.net.ssl.keyStoreType", "jks");

Up to now, everything worked great. But I have no idea how I could manage
host name verification.
In axis2.xml, there is something like this:


    <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
    <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
        <parameter name="non-blocking" locked="false">true</parameter>
        <parameter name="keystore" locked="false">
            <KeyStore>
                <Location>identity.jks</Location>
                <Type>JKS</Type>
                <Password>password</Password>
                <KeyPassword>password</KeyPassword>
            </KeyStore>
        </parameter>
        <parameter name="truststore" locked="false">
            <TrustStore>
                <Location>trust.jks</Location>
                <Type>JKS</Type>
                <Password>password</Password>
            </TrustStore>
        </parameter>-->
        <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
            supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
    <!--</transportSender>-->


How can I set the above parameter?
What is the difference between the above and Tomcat's server.xml settings?

In Axis2, I get the stub like this:

SampleStub stub = new SampleStub("https://.....");

Is there any option I should set?

I am waiting for your answers.

Thanks.

--
kancansan
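
Added example, not part of the original message and not Axis2 code: a plain JSSE client (Java 7 or later assumed) that loads the client keystore and truststore named in the message, presents the client certificate for two-way authentication, and enables host name verification with `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")`. The class name, the `localhost` default and connecting to the connector's port 8443 are assumptions for illustration.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

// Hypothetical class name; illustrates the JSSE settings only.
public class VerifiedMutualTlsClient {

    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    static SSLContext context(String keyStore, String trustStore, char[] pass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, pass), pass);      // client certificate for two-way authentication
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, pass));          // server certificate(s) the client trusts
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static SSLSocket connect(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            SSLParameters p = s.getSSLParameters();
            // Without this, a raw SSLSocket checks only the trust chain, not the host name.
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake();                    // fails if the certificate does not match 'host'
            return s;
        } catch (Exception e) {
            s.close();
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "pass".toCharArray();        // password as used in the message
        SSLContext ctx = context("D:/SSL/client.keystore", "D:/SSL/clienttrusted.keystore", pass);
        String host = args.length > 0 ? args[0] : "localhost";   // assumed host name
        try (SSLSocket s = connect(ctx, host, 8443)) {
            System.out.println("Verified peer: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

The handshake throws `SSLHandshakeException` when the server certificate does not match the host name, so the certificate created in step 1 has to be issued for the name the client connects to.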




