ws-soap-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark O'Leary <>
Subject RE: SSL Client Auth. Example
Date Fri, 03 Nov 2000 15:56:42 GMT
Hi Darrel,

Allow me to introduce myself.  Mark O'Leary from Centegy Corp in California.
We are a B2B integration company that are looking to implement secure soap.
Would you be able to pass on the sample code that deals with the certificate
side of JSSE.


-----Original Message-----
From: Nathan Wray []
Sent: Friday, November 03, 2000 1:33 AM
To: Darrel Drake;
Subject: Re: SSL Client Auth. Example

The file is a java keystore file, you can create one from a certificate with
the command
keytool -import -alias <alias> -keystore <newkeystorefile.ks> -file

keytool is part of the Sun jdk distribution.

In general the null for the password field should be replaced with a
character array representing
the server keystore password (see the client keystore field example).

Darrel Drake wrote:

> Hello Mr. Wray, I'm just a starter with SSL here so excuse my ignorance.
> I looked at your code, particularly this line:
> <<ks.load(new FileInputStream(serverCertificateFile), null);>>
> and I wonder how you formatted the serverCertificateFile. Is it a
> java-keytool-generated file? If so, how could you import a server
> certificate that wasn't made in java (e.g. made using the apache
> tool)? I guess if you did export the server cert from your web server to a
> file you couldn't just refer to that file in this command, could you? Or
> could you? Is there any particular reason you left the password null?
> Darrell Drake       ãf?ãf¬ã'¤ã'¯ãf»ãfEURãf¬ãf«
> IBM Japan, TRL      æ-¥æoe¬ ã'¢ã'¤ï½¥ãf"ãf¼ãf»ã'¨ãf
> +81-46-215-4175     東京åYºç¤Zç "究æ?EUR
> From: nathanwray <> on 2000/10/24 17:59
> Please respond to
> To:
> cc:
> Subject:  Re: SSL client Certs
> Jeff, attached is some client code that supports client certs.  It
> JSSE.  This stuff is a little non-trivial to get configured properly so
> prepared to spend some time on it.  All the real work happens in the JSSE
> libs.
> You'll need to set up the server to require specific client certs, this is
> an Apache config issue but I think it's pretty well documented if you look
> around.  YMMV.
> This is based on some demo code I got from Chris Barrett at Thyron Ltd.,
> and I think he based it off someone else's work.  Kudos to those
> -Nathan
> "Simpson, Jeff" wrote:
> Does Secure SOAP support certs on both the Server and the Client.  We
> to issue our clients certs and require them when they connect
> Jeffrey V. Simpson
> Senior Software Engineer
> Phone: 202.833.4949
> Fax: 202.833.3819
> URL:
> --
> Nathan Wray
> --
> If you lend someone $20, and never see that
> person again, it was probably worth it.
> (See attached file:
>   ------------------------------------------------------------------------
>                                  Name:
>    Type: JAVA File
>                              Encoding: base64

Nathan Wray
|  "Currently, developers struggle to
|  make their distributed applications
|  work across the Internet when
|  firewalls get in the way.
|   [...]
|  Since SOAP [Simple Object Access Protocol]
|  relies on HTTP as the transport
|  mechanism, and most firewalls allow
|  HTTP to pass through, you'll have no
|  problem invoking SOAP endpoints
|  from either side of a firewall."
|    -- Microsoft, on how SOAP uses HTTP
|    tunneling to circumvent network security

View raw message