Hi Jamie,

Please find my comments inline.

>> I guess the problem lies in the fact that the server you are using
>> could not verify your client certificate as valid. Check the server
>> logs and see if such an error occurs. For instance, if you are using
>> a self signed certificate as the client certificate, you need to add
>> that to the server's CA certificate list.
>
> Well, it's the same client certificate that the other client uses. I've
> also tried not using a client certificate at all (the server doesn't
> require the client certificate for authentication).

If that is the case, only use the SERVER_CERT parameter and comment out the rest of the parameters, so that they won't make any side effects. :)

> I have tried two
> certificates for the server: the ca cert, and the server cert (gained
> from using the 'openssl s_client -connect' command in the Axis2 docs),
> neither gave any different errors.

As I mentioned in a previous email, even though the document says that you can use the server cert itself, if it is not self signed, you can't use it anymore (due to the inclusion of certificate verification). i.e., you have to provide the CA certificate. However, I think we need to add a way to allow the user to specify if verification should be done at all. But since we are on the verge of a release, I would rather do that after the release.

One thing you can do is to check what openssl returns when it verifies the server certificate. Use the following command and send its output.

    openssl s_client -CAfile path_to_your_cacert -connect server:port

Look especially at the final line. If it says "Verify return code: 0 (ok)" then verification should be all fine.

Regards,
Dumindu.
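Added example, not part of the original message: an offline check of the point made above, that a CA-signed (not self-signed) server certificate does not verify when it is itself supplied as the trust file, while the issuing CA certificate does. The throwaway CA, the server name and the function names (make_demo_pki, trusts, demo) are constructed for illustration, and `openssl verify -CAfile` stands in for the `s_client -CAfile` check so that no live server is needed.

```shell
#!/bin/sh
# Constructed PKI: a throwaway CA and one server certificate signed by it.
make_demo_pki() {   # $1 = working directory
    dir=$1
    # Self-signed CA certificate (the trust anchor).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    # Server key and signing request.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=server.example" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    # Server certificate issued by the CA, so it is NOT self-signed.
    openssl x509 -req -in "$dir/server.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null
}

# Exit status 0 when certificate $2 verifies against trust file $1.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pki "$dir" || { rm -rf "$dir"; return 1; }
    # Try each candidate as the trust file for the same server certificate.
    for anchor in ca.pem server.pem; do
        if trusts "$dir/$anchor" "$dir/server.pem"; then
            echo "CAfile=$anchor: verification ok"
        else
            echo "CAfile=$anchor: verification FAILED"
        fi
    done
    rm -rf "$dir"
}

demo
```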
