Hi Dumindu,

I suggest "certificates file" instead of "client certificate chain file", according to [1].

[1] http://www.openssl.org/docs/apps/verify.html

Regards,
Senaka

> Well "client certificate chain" may not be the best term to use. Any
> suggestions?
>
> -Dumindu.
>
> On Feb 13, 2008 2:21 PM, Dumindu Pallewela <[EMAIL PROTECTED]> wrote:
>> Hi Senaka,
>>
>> Yes, that's why I said that he can directly use the server certificate
>> :)
>>
>> However, in axis2 manual, what is referred to as the certificate chain
>> file has nothing to do with CA verification, but client
>> authentication. This is the file which has both the client certificate
>> and client private key.
>>
>> Regards,
>> Dumindu.
>>
>> On Feb 13, 2008 2:08 PM, Senaka Fernando <[EMAIL PROTECTED]> wrote:
>> > Hi Dumindu,
>> >
>> > We've done some modifications to CA cert verification. There Vivi would
>> > not want to store the entire cert chain locally.
>> >
>> > Regards,
>> > Senaka
>> >
>> > > Hi Vivian,
>> > >
>> > >> (1) I looked at the manuals you referred to, it seems to me that I will
>> > >> need to re-compile the AXIS2/c to enable ssl. My question is this, is
>> > >> the downloaded binary from AXIS2/c side SSL enabled?
>> > >
>> > > No, you have to compile source with --enable-openssl option set.
>> > >
>> > >> (2) Now suppose I have an AXIS2/c based client, and an AXIS-j (v1.4) +
>> > >> TOMCAT based server component, will the HTTPS continue to work if I set
>> > >> up key chain file for the client and set up keystore file for the
>> > >> AXIS-J/TOMCAT based server? Did anyone ever test this scenario? and how
>> > >> to test?
>> > >
>> > > Well, I haven't tested this particular scenario myself and I'm not
>> > > sure if someone else has tested it already either. But we have tested
>> > > our https transport against other servers and there is no reason that
>> > > I can think of, why it would fail for TOMCAT.
>> > >
>> > > Of course you are welcome to test this scenario, I can help you with
>> > > setting up the axis2/c client, but I am not sure how TOMCAT should be
>> > > dealt with. However, if you can set up https for TOMCAT somehow, you
>> > > can check if it is working properly, by pointing your browser to the
>> > > end point url.
>> > >
>> > > Then the easiest way to configure AXIS2/C client is to provide the
>> > > same server certificate that you have used in TOMCAT server for the
>> > > SERVER_CERT parameter in axis2.xml. Note that there is no need for a
>> > > key-chain file or a pass-phrase if you do not want client
>> > > authentication.
>> > >
>> > > HTH,
>> > > Dumindu.
>> > >
>> > > --
>> > > Dumindu Pallewela
>> > > http://blog.dumindu.com
>> > > GPG ID: 0x9E131672
>> > >
>> > > WSO2 | "Oxygenating the Web Service Platform" | http://wso2.com
>> > >
>> > > ---------------------------------------------------------------------
>> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > > For additional commands, e-mail: [EMAIL PROTECTED]
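
An added example, not part of the original thread or of Axis2/C: a pre-flight check over the two PEM files the thread distinguishes, the server certificate file (certificates only) and the client file holding both the client certificate and its private key, which needs a pass-phrase only when that key is encrypted. The function names and the sample PEM contents are constructed for illustration.

```python
import re

# One PEM block: label, then optional RFC 1421 headers plus the base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, is_encrypted)] for each PEM block found in text."""
    return [(label, label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body)
            for label, body in PEM_BLOCK.findall(text)]

def check_client_tls_files(server_cert_pem, key_file_pem=None, passphrase_set=False):
    """Hypothetical pre-flight check; returns findings (empty list = consistent)."""
    findings = []
    labels = [label for label, _ in pem_blocks(server_cert_pem)]
    if "CERTIFICATE" not in labels:
        findings.append("server cert file: no certificate found")
    if any(l.endswith("PRIVATE KEY") for l in labels):
        findings.append("server cert file: contains a private key")
    if key_file_pem is None:           # server authentication only
        if passphrase_set:
            findings.append("pass-phrase configured without a client key file")
        return findings
    blocks = pem_blocks(key_file_pem)  # client authentication requested
    keys = [enc for label, enc in blocks if label.endswith("PRIVATE KEY")]
    if not any(label == "CERTIFICATE" for label, _ in blocks):
        findings.append("client key file: no client certificate")
    if len(keys) != 1:
        findings.append(f"client key file: expected 1 private key, found {len(keys)}")
    elif keys[0] and not passphrase_set:
        findings.append("client key file: key is encrypted but no pass-phrase is set")
    return findings

def _pem(label, headers=""):
    # Constructed placeholder body ("CONSTRUCTED" in base64), not real key material.
    return f"-----BEGIN {label}-----\n{headers}Q09OU1RSVUNURUQ=\n-----END {label}-----\n"

SERVER_ONLY = _pem("CERTIFICATE")
CLIENT_FILE = _pem("CERTIFICATE") + _pem(
    "RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")

if __name__ == "__main__":
    print(check_client_tls_files(SERVER_ONLY))                # server auth only
    print(check_client_tls_files(SERVER_ONLY, CLIENT_FILE))   # missing pass-phrase
    print(check_client_tls_files(CLIENT_FILE))                # key in the wrong file
```

The check is structural only: it does not validate the certificate chain or confirm that the private key matches the certificate.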
