Hi Zoltan,
You can also consider not handling the certificate yourself. When you deploy
Axis on a webserver, you can ask the webserver to authenticate using client
certificates for the axis web application. Depending on whether the default
behavior works for you, this can turn out to be the
because we
need that level of security in our deployment environment.
Food for thought.
-Jon
-Original Message-
From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
Sent: Monday, March 15, 2004 10:37 PM
To: [EMAIL PROTECTED]
Subject: Re: Web Service Security - what's the best way
http://ws.apache.org/ws-fx/wss4j/
--- [EMAIL PROTECTED] wrote:
Hi people,
I am considering two different ways of using Certificate based authentication of a
client
connecting to our Web Service:
1. Certificate is contained in the HTTPS request. I intercept the Request in my Web
