ws-soap-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark O'Leary <mark_ole...@centegy.com>
Subject RE: SSL Client Auth. Example
Date Fri, 03 Nov 2000 15:56:42 GMT
Hi Darrel,

Allow me to introduce myself.  Mark O'Leary from Centegy Corp in California.
We are a B2B integration company that are looking to implement secure soap.
Would you be able to pass on the sample code that deals with the certificate
side of JSSE.

Thanks,
Mark

-----Original Message-----
From: Nathan Wray [mailto:nwray@mich.com]
Sent: Friday, November 03, 2000 1:33 AM
To: Darrel Drake; soap-dev@xml.apache.org
Subject: Re: SSL Client Auth. Example



The file is a java keystore file, you can create one from a certificate with
the command
keytool -import -alias <alias> -keystore <newkeystorefile.ks> -file
<certificate.crt>

keytool is part of the Sun jdk distribution.

In general the null for the password field should be replaced with a
character array representing
the server keystore password (see the client keystore field example).


Darrel Drake wrote:

> Hello Mr. Wray, I'm just a starter with SSL here so excuse my ignorance.
>
> I looked at your code, particularly this line:
>
> <<ks.load(new FileInputStream(serverCertificateFile), null);>>
>
> and I wonder how you formatted the serverCertificateFile. Is it a
> java-keytool-generated file? If so, how could you import a server
> certificate that wasn't made in java (e.g. made using the apache
web-server
> tool)? I guess if you did export the server cert from your web server to a
> file you couldn't just refer to that file in this command, could you? Or
> could you? Is there any particular reason you left the password null?
>
> Darrell Drake       ãf?ãf¬ã'¤ã'¯ãf»ãfEURãf¬ãf«
> IBM Japan, TRL      æ-¥æoe¬ ã'¢ã'¤ï½¥ãf"ãf¼ãf»ã'¨ãf
> +81-46-215-4175     東京åYºç¤Zç "究æ?EUR
> EB92401@jp.ibm.com
>
> From: nathanwray <nwray@mich.com> on 2000/10/24 17:59
>
> Please respond to soap-dev@xml.apache.org
>
> To:   soap-dev@xml.apache.org
> cc:
> Subject:  Re: SSL client Certs
>
> Jeff, attached is some client code that supports client certs.  It
assumes
> JSSE.  This stuff is a little non-trivial to get configured properly so
be
> prepared to spend some time on it.  All the real work happens in the JSSE
> libs.
>
> You'll need to set up the server to require specific client certs, this is
> an Apache config issue but I think it's pretty well documented if you look
> around.  YMMV.
>
> This is based on some demo code I got from Chris Barrett at Thyron Ltd.,
> and I think he based it off someone else's work.  Kudos to those
involved.
>
> -Nathan
>
> "Simpson, Jeff" wrote:
>
> Does Secure SOAP support certs on both the Server and the Client.  We
want
> to issue our clients certs and require them when they connect
>
> Jeffrey V. Simpson
> Senior Software Engineer
> iFINANCE
> Phone: 202.833.4949
> Fax: 202.833.3819
> URL: http://www.ifinance.com
>
> --
> Nathan Wray
> nwray@mich.com
> --
> If you lend someone $20, and never see that
> person again, it was probably worth it.
>
> (See attached file: ClientWithCertExample.java)
>
>   ------------------------------------------------------------------------
>                                  Name: ClientWithCertExample.java
>    ClientWithCertExample.java    Type: JAVA File
(application/x-unknown-content-type-javaFile)
>                              Encoding: base64

--
Nathan Wray
nwray@mich.com
--
|
|  "Currently, developers struggle to
|  make their distributed applications
|  work across the Internet when
|  firewalls get in the way.
|   [...]
|  Since SOAP [Simple Object Access Protocol]
|  relies on HTTP as the transport
|  mechanism, and most firewalls allow
|  HTTP to pass through, you'll have no
|  problem invoking SOAP endpoints
|  from either side of a firewall."
|
|    -- Microsoft, on how SOAP uses HTTP
|    tunneling to circumvent network security
|
|  http://msdn.microsoft.com/library/periodic/period00/soap.htm
|


Mime
View raw message