Hi Kelvin,
If you didn't know this already:
You do *not* have to set ssl parameters *both* in axis2.xml and in your
client code. We have given the user the option to choose which he prefers.
Please further comments inline.
Regards,
Dumindu.
In short, I configure axis2.xml as:
<transportSender name="https" class="axis2_http_sender">
<parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
</transportSender>
<!--<parameter
name="SERVER_CERT">E:/Project/VS8/Axis2_prototype/debug/TrustList.pem</parameter>-->
<!--<parameter
name="KEY_FILE">E:\Project\VS8\Axis2_prototype\debug\TrustList.pem</parameter>
<parameter name="SSL_PASSPHRASE">passphrase</parameter>-->
<!-- --> tag in XML makes whatever it encloses a comment. Thus, in the
above, SERVER_CERT parameter is not set. Only the client key's pass
phrase, which you don't need, is set from the above configuration.
Since you have mentioned that you don't need client authentication,
please remove the last two lines, so that you don't have unnecessary stuff:
<transportSender name="https" class="axis2_http_sender">
<parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
</transportSender>
<parameter
name="SERVER_CERT">E:/Project/VS8/Axis2_prototype/debug/TrustList.pem</parameter>
Then run your axis client making sure that the AXIS2C_HOME is set to the
directory where the now edited axis2.xml resides.
Also your epr should start with https://
If this doesn't work, there is no point in trying setting these
parameters in client code.
And I create TrustList.pem file following the manual of Axis2/C:
For testing purposes, you can use the server's certificate instead of
the CA certificate. You can obtain this by running the command |openssl
s_client -connect <servername>:<port>| and copying the portion of the
output bounded by and including:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Get the content of this file is:
-----BEGIN
CERTIFICATE-----
MIIB7TCCAVagAwIBAgIEPygs+DANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJV
UzEMMAoGA1UEChMDSUJNMQwwCgYDVQQLEwNTV0cxEDAOBgNVBAMTB2pzZXJ2ZXIw
HhcNMDMwNzMwMjAzOTIwWhcNMjExMDEzMjAzOTIwWjA7MQswCQYDVQQGEwJVUzEM
MAoGA1UEChMDSUJNMQwwCgYDVQQLEwNTV0cxEDAOBgNVBAMTB2pzZXJ2ZXIwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIQhMysAHrupK8YLnu54xipwbYfJw1ac
xMSNQPphN2ZQEznGNp1E8tONwN4RJ4nCW/5mQRFkErOUJW3ZQKP/gwK37HwKz1+V
OVOlQ9fitArsnEZTeqzdmBLa+vx7B7bZ8bIRPzI0CeWgQiYZZjSCsZz8JcQZxLM6
ob9mKE28VeZvAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAEPCRwEUBxz6+9A5/AoPB
LiYInrowLfY+w3xJyDCie+GneLnirL+1HXRBbNOJYQTCpzN00Cgq2M/LU6tUeeZQ
3gwidiqFUculi2Z+8wd60q8vy6qdJ1kvg9atwMdQV2LFf7TPNccmULD9/LV9h3AV
oBbsFukZAroF0ZvO+/4vrIk=
-----END CERTIFICATE-----
This is fine.
My colleague once tried to
send soap message created by gsoap,
although the message itself is wrong. But he still get some error
message back and in the console of the server, there are some error
messages like I mentioned before.
can you send those error messages? even if that is not axis2 we may be
able to get an idea about what's going wrong.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
