ws-soap-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Nichol" <snicholn...@scottnichol.com>
Subject Re: SOAP and HTTPS
Date Wed, 15 Sep 2004 17:21:01 GMT
I have generated keys and certs with other tools and imported them with keytool, but I have
never done the other way around.  Googling "keytool pem" and "keytool openssl" quickly reveals
that keytool cannot export the private key, but fortunately there appears to be an app someone
wrote that does export it.  The page at http://mark.foster.cc/kb/openssl-keytool.html includes
the tool and a few tips, but it is not a cookbook.

Scott Nichol

Do not send e-mail directly to this e-mail address,
because it is filtered to accept only mail from
specific mail lists.
----- Original Message ----- 
From: "Daniel Herbison" <herbison@nortelnetworks.com>
To: <soap-user@ws.apache.org>
Sent: Wednesday, September 15, 2004 10:56 AM
Subject: RE: SOAP and HTTPS


> I guess my question is how to use the keytool generated certificate file
> with perl, php, etc...
> Does HTTPS_CERT_FILE contain the keystore file or a certificate extraction
> from it?  Do I put the key that is reported by keytool -list in a separate
> file for use by HTTPS_KEY_FILE?  I've tried a number of variations but can't
> get the keytool generated keystore file to work.
> 
> -----Original Message-----
> From: Scott Nichol [mailto:snicholnews@scottnichol.com] 
> Sent: Wednesday, September 15, 2004 7:57 AM
> To: soap-user@ws.apache.org
> Subject: Re: SOAP and HTTPS
> 
> I have never tried it, but the SOAP::Lite documentation has the following
> specifically about client certificates:
> 
> SSL CERTIFICATE AUTHENTICATION
> To get certificate authentication working you need to specify three
> environment variables: HTTPS_CERT_FILE, HTTPS_KEY_FILE, and (optionally)
> HTTPS_CERT_PASS:
> 
>   $ENV{HTTPS_CERT_FILE} = 'client-cert.pem';
>   $ENV{HTTPS_KEY_FILE}  = 'client-key.pem';Crypt::SSLeay (which is used for
> https support) will take care about everything else. Other options (like CA
> peer verification) can be specified in a similar way. See Crypt::SSLeay
> documentation for more details.
> 
> 
> Those who would like to use encrypted keys may check
> http://groups.yahoo.com/group/soaplite/message/729 for details.
> 
> As far as PHP goes, the only SOAP experience I have is NuSOAP, a project on
> which I am a developer.  It does not currently support client certificates,
> although it is on the to-do list, and one of the NuSOAP users has supplied
> code he used when hard-coding NuSOAP to do client certs, so it is not a
> particularly difficult modification.
> 
> 
> Scott Nichol
> 
> Do not send e-mail directly to this e-mail address,
> because it is filtered to accept only mail from
> specific mail lists.
> ----- Original Message ----- 
> From: "Daniel Herbison" <herbison@nortelnetworks.com>
> To: <soap-user@ws.apache.org>
> Sent: Wednesday, September 15, 2004 8:10 AM
> Subject: RE: SOAP and HTTPS
> 
> 
> > I'm unsure on how to configure things.  I got the public/private key thing
> > working in java but it seemed straight forward.  In java I just let the
> jvm
> > know where the key store was and it seemed to magically know what to do.
> I
> > can't find anything on the web talking about perl or php and keystores.
> > 
> > -----Original Message-----
> > From: Scott Nichol [mailto:snicholnews@scottnichol.com] 
> > Sent: Tuesday, September 14, 2004 7:53 PM
> > To: soap-user@ws.apache.org
> > Subject: Re: SOAP and HTTPS
> > 
> > What is the nature of your problem?  Are you running SSL code and getting
> > errors (in which case, what are the errors), or are you unsure of how to
> > configure things?
> > Scott Nichol
> > 
> > Do not send e-mail directly to this e-mail address,
> > because it is filtered to accept only mail from
> > specific mail lists.
> > ----- Original Message ----- 
> > From: "Daniel Herbison" <herbison@nortelnetworks.com>
> > To: <Soap-user@ws.apache.org>
> > Sent: Tuesday, September 14, 2004 6:54 PM
> > Subject: SOAP and HTTPS
> > 
> > 
> > > I'm trying to access a soap service, Java running under Tomcat, using
> > > Soap::Lite.  Here is the code:
> > > 
> > >  
> > > 
> > > use SOAP::Lite;
> > > 
> > >  
> > > 
> > > push @x,"userid=".$ARGV[0];
> > > 
> > > push @x,"password=".$ARGV[1];
> > > 
> > > push @x,"sip=".$ARGV[2];
> > > 
> > > push @x,"date=".$ARGV[3];
> > > 
> > > push @x,"xmlIndent=true";
> > > 
> > > $,="\t";
> > > 
> > > $\="\n";
> > > 
> > > print 'htmlParams' ,$x[0],$x[1],$x[2],$x[3];
> > > 
> > > print SOAP::Lite
> > > 
> > >         -> service('http://service...?wsdl')
> > > 
> > >         -> getIPConversations(SOAP::Data->name('htmlParams' => \@x
))
> > > 
> > >  
> > > 
> > > It works great with http and I'm now trying to get it to authenticate
> > using
> > > https and a client credential file generated with the java tool keytool.
> > > 
> > > OpenSSL and Crypt-SSLeay are installed. 
> > > 
> > >  
> > > 
> > > Does anyone know how to do this?  
> > > 
> > >  
> > > 
> > > 
> > 
> > 
> 
> 

Mime
View raw message