ws-soap-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nathan Wray <>
Subject Re: SSL Client Auth. Example
Date Fri, 03 Nov 2000 09:33:01 GMT

The file is a java keystore file, you can create one from a certificate with the command
keytool -import -alias <alias> -keystore <newkeystorefile.ks> -file <certificate.crt>

keytool is part of the Sun jdk distribution.

In general the null for the password field should be replaced with a character array representing
the server keystore password (see the client keystore field example).

Darrel Drake wrote:

> Hello Mr. Wray, I'm just a starter with SSL here so excuse my ignorance.
> I looked at your code, particularly this line:
> <<ks.load(new FileInputStream(serverCertificateFile), null);>>
> and I wonder how you formatted the serverCertificateFile. Is it a
> java-keytool-generated file? If so, how could you import a server
> certificate that wasn't made in java (e.g. made using the apache web-server
> tool)? I guess if you did export the server cert from your web server to a
> file you couldn't just refer to that file in this command, could you? Or
> could you? Is there any particular reason you left the password null?
> Darrell Drake       ドレイク・ダレル
> IBM Japan, TRL      日本 アイ・ビー・エãƒ
> +81-46-215-4175     æ±äº¬åŸºç¤Žç ”ç©¶æ‰€
> From: nathanwray <> on 2000/10/24 17:59
> Please respond to
> To:
> cc:
> Subject:  Re: SSL client Certs
> Jeff, attached is some client code that supports client certs.  It assumes
> JSSE.  This stuff is a little non-trivial to get configured properly so be
> prepared to spend some time on it.  All the real work happens in the JSSE
> libs.
> You'll need to set up the server to require specific client certs, this is
> an Apache config issue but I think it's pretty well documented if you look
> around.  YMMV.
> This is based on some demo code I got from Chris Barrett at Thyron Ltd.,
> and I think he based it off someone else's work.  Kudos to those involved.
> -Nathan
> "Simpson, Jeff" wrote:
> Does Secure SOAP support certs on both the Server and the Client.  We want
> to issue our clients certs and require them when they connect
> Jeffrey V. Simpson
> Senior Software Engineer
> Phone: 202.833.4949
> Fax: 202.833.3819
> URL:
> --
> Nathan Wray
> --
> If you lend someone $20, and never see that
> person again, it was probably worth it.
> (See attached file:
>   ------------------------------------------------------------------------
>                                  Name:
>    Type: JAVA File (application/x-unknown-content-type-javaFile)
>                              Encoding: base64

Nathan Wray
|  "Currently, developers struggle to
|  make their distributed applications
|  work across the Internet when
|  firewalls get in the way.
|   [...]
|  Since SOAP [Simple Object Access Protocol]
|  relies on HTTP as the transport
|  mechanism, and most firewalls allow
|  HTTP to pass through, you'll have no
|  problem invoking SOAP endpoints
|  from either side of a firewall."
|    -- Microsoft, on how SOAP uses HTTP
|    tunneling to circumvent network security

View raw message