ws-soap-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nathan Wray <nw...@mich.com>
Subject Re: SSL Client Auth. Example
Date Fri, 03 Nov 2000 09:33:01 GMT

The file is a java keystore file, you can create one from a certificate with the command
keytool -import -alias <alias> -keystore <newkeystorefile.ks> -file <certificate.crt>

keytool is part of the Sun jdk distribution.

In general the null for the password field should be replaced with a character array representing
the server keystore password (see the client keystore field example).


Darrel Drake wrote:

> Hello Mr. Wray, I'm just a starter with SSL here so excuse my ignorance.
>
> I looked at your code, particularly this line:
>
> <<ks.load(new FileInputStream(serverCertificateFile), null);>>
>
> and I wonder how you formatted the serverCertificateFile. Is it a
> java-keytool-generated file? If so, how could you import a server
> certificate that wasn't made in java (e.g. made using the apache web-server
> tool)? I guess if you did export the server cert from your web server to a
> file you couldn't just refer to that file in this command, could you? Or
> could you? Is there any particular reason you left the password null?
>
> Darrell Drake       ドレイク・ダレル
> IBM Japan, TRL      日本 アイ・ビー・エãƒ
> +81-46-215-4175     æ±äº¬åŸºç¤Žç ”ç©¶æ‰€
> EB92401@jp.ibm.com
>
> From: nathanwray <nwray@mich.com> on 2000/10/24 17:59
>
> Please respond to soap-dev@xml.apache.org
>
> To:   soap-dev@xml.apache.org
> cc:
> Subject:  Re: SSL client Certs
>
> Jeff, attached is some client code that supports client certs.  It assumes
> JSSE.  This stuff is a little non-trivial to get configured properly so be
> prepared to spend some time on it.  All the real work happens in the JSSE
> libs.
>
> You'll need to set up the server to require specific client certs, this is
> an Apache config issue but I think it's pretty well documented if you look
> around.  YMMV.
>
> This is based on some demo code I got from Chris Barrett at Thyron Ltd.,
> and I think he based it off someone else's work.  Kudos to those involved.
>
> -Nathan
>
> "Simpson, Jeff" wrote:
>
> Does Secure SOAP support certs on both the Server and the Client.  We want
> to issue our clients certs and require them when they connect
>
> Jeffrey V. Simpson
> Senior Software Engineer
> iFINANCE
> Phone: 202.833.4949
> Fax: 202.833.3819
> URL: http://www.ifinance.com
>
> --
> Nathan Wray
> nwray@mich.com
> --
> If you lend someone $20, and never see that
> person again, it was probably worth it.
>
> (See attached file: ClientWithCertExample.java)
>
>   ------------------------------------------------------------------------
>                                  Name: ClientWithCertExample.java
>    ClientWithCertExample.java    Type: JAVA File (application/x-unknown-content-type-javaFile)
>                              Encoding: base64

--
Nathan Wray
nwray@mich.com
--
|
|  "Currently, developers struggle to
|  make their distributed applications
|  work across the Internet when
|  firewalls get in the way.
|   [...]
|  Since SOAP [Simple Object Access Protocol]
|  relies on HTTP as the transport
|  mechanism, and most firewalls allow
|  HTTP to pass through, you'll have no
|  problem invoking SOAP endpoints
|  from either side of a firewall."
|
|    -- Microsoft, on how SOAP uses HTTP
|    tunneling to circumvent network security
|
|  http://msdn.microsoft.com/library/periodic/period00/soap.htm
|



Mime
View raw message