tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Trouble calling a secure Web Service requiring client certificate
Date Tue, 23 Jun 2009 20:41:07 GMT

Frank,

On 6/22/2009 4:37 PM, frank.bowar wrote:
> I used WSDL2Java to create stubs for the Web Service I am connecting to.
> Here is my code that wraps around the generated stubs:

[snip]

I didn't see any SSL or cert stuff in there.

> The only method in the stubs that I modified was sendData() to include the
> username/password in the soap header.  Here is that code:

[snip]

Nor here.

>> Your code may have to become a lot more complicated in order 
>> to make a connection using a client certificate while running 
>> within Tomcat.
> 
> I hope not ... it seems like I'm so close.

Where do you choose the client certificate that the server expects to
receive?

>> Or, you may have to override the keystore on 
>> Tomcat's command-line so that these system properties are set 
>> /before/ Tomcat tried to load anything itself.
> 
> I added the following to the Tomcat startup command:
> 
> -Djavax.net.ssl.trustStore="C:/certs/datahub.keystore"
> -Djavax.net.ssl.trustStorePassword="wintwins"
> -Djavax.net.ssl.keyStore="C:/certs/SDXWebservice.pfx"
> -Djavax.net.ssl.keyStorePassword="137246?82"
> -Djavax.net.ssl.keyStoreType="PKCS12"
> 
> with no difference in the way things are running.  I think my truststore
> file is being used because if I don't define the truststore, the
> communication process traps out much sooner.

Apparently, choosing only the keystore is not sufficient. I must admit I
don't really have any experience with client certificates and don't
understand the whole SSL handshake process that would end up selecting a
certificate.

When you say that it "doesn't work", what /does/ happen when you try to
run this code?

-chris
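
As an added example (not code from this thread, from Tomcat, or from the poster's generated stubs), the sketch below loads the PKCS12 client keystore and the truststore explicitly and builds an SSLContext from them, instead of depending on the javax.net.ssl.* system properties being read before anything else initializes JSSE. The class name, the command-line arguments, the JKS truststore type and the use of HttpsURLConnection in place of the WSDL2Java stubs are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertContext {

    // Load a keystore of the given type ("PKCS12" for a .pfx file, "JKS" for a Java keystore).
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build a context that offers the private key in clientStore and trusts only trustStore.
    static SSLContext build(KeyStore clientStore, char[] keyPassword, KeyStore trustStore)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical args: <client.pfx> <pfx password> <truststore> <truststore password> <https URL>
        KeyStore client = load(args[0], "PKCS12", args[1].toCharArray());
        // A client certificate can only be presented if the store holds a private-key entry.
        for (String alias : Collections.list(client.aliases())) {
            System.out.println(alias + " isKeyEntry=" + client.isKeyEntry(alias));
        }
        KeyStore trust = load(args[2], "JKS", args[3].toCharArray()); // assumed truststore type
        SSLContext ctx = build(client, args[1].toCharArray(), trust);

        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[4]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // this connection only; JVM defaults untouched
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Reading the passwords from arguments or a protected file keeps them out of the Tomcat startup command, and the alias listing shows whether the .pfx actually contains a private key that can be offered during the handshake.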