Hi,
When you access an https endpoint, the certificate of that endpoint
should be validated whether it can be trusted. This validation is based
on, whether we trust any of the CA's of the certificate. This is same as
what happened in a browser. If you access any https and if the browser
can't validate the trust path, it will not allow (or give you a warning)
to access the end point. AFAIK, in Axis2/C, we give the certificate
chain file to verify this. I think, soapUI allows you access the
endpoint without validating the certificate.
Regards,
Shankar
Vivian Wang wrote:
Hi, there,
I have a web service client using axis2/c to access a Salesforce.com web site
that is protected with SSL (the url starts with https://). I didn't give a
certificate chain file path in the configuration file axis2.xml, so the web
service client failed. However, if I use soapUI (a free downloaded web service
testing tool) to access the same serivce without giving any SSL related setting
(just like accessing a service starting with http://), it all goes fine. What
is the difference here? Is there any setting I can do in axis2/c to make it
work as soapUI?
I noticed another similar thing. When a wsdl parser (from axis-j 1.4) tring to
retrieve a SSL-protected wsdl (I set it up in TOMCAT) using a URL that starts
with https:, I have a provide a client keystore (using jsse
system.setProperty(....)) otherwise I will get an error saying something like
trustedstore not found, but soapUI was just fine loading the same wsdl. What's
really going on?
Any help is much appreciated!
Vivian
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
S.Uthaiyashankar
Software Architect
WSO2 Inc.
http://wso2.com/ - "The Open Source SOA Company"
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
