tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Trouble calling a secure Web Service requiring client certificate
Date Mon, 22 Jun 2009 20:03:17 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frank,

On 6/22/2009 3:53 PM, frank.bowar wrote:
> I've got a TOMCAT application that pulls data from a Web Service and just
> recently the Web Service was hardened to require client certificates.
>  
> I debugged all my certificate issues and got my Java class that talks to the
> Web Service working just fine as a stand-alone app.  However, I'm having
> trouble getting it to work within Tomcat.  My certificate is not being sent
> to the Web Service.

Can you post the relevant parts of your code?

> This is how I initialize my keystore and truststore:
>  
>     System.setProperty("javax.net.ssl.trustStore",
> "c:\\certs\\datahub.keystore");
>     System.setProperty("javax.net.ssl.trustStorePassword","turstpass");
>     System.setProperty("javax.net.ssl.keyStore",
> "c:\\certs\\SDXWebservice.pfx");
>     System.setProperty("javax.net.ssl.keyStorePassword","keypass");
>     System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");

Depending on what else your code does, you may have to set these values
on a KeyStore object and load it yourself. It's possible that Tomcat has
already loaded the system-wide keystore from somewhere else by the time
the above code runs, and thus does not affect anything.

Your code may have to become a lot more complicated in order to make a
connecting using a client certificate while running within Tomcat. Or,
you may have to override the keystore on Tomcat's command-line so that
these system properties are set /before/ Tomcat tried to load anything
itself.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAko/44UACgkQ9CaO5/Lv0PANYQCeM9FdzgCvPBZyIOZWzK2+fn/h
w9oAn3NPslY7Bl9gnUHUSclR6s9B+MxX
=poak
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message