Hey Dumindu, Just want to make sure I understand this correctly. So if I just want to run my axis2 webserices in SSL mode, I dont need rampart. I can just use apache for that, right? But when I was reading rampart documentation, it talks about soap body encryption using SSL certs. How is that different from using apache for SSL?
My second question is, lets assume I want to use client authentication for my webservice. I have to set the following 2 variables in the httpd.conf file SSLVerifyClient require SSLVerifyDepth 1 I understand that this will force the client to send a cert with every request. But after receives the client cert, what does it do with it? does it check against a list of certs thats allowed to access the service? Is this feature built-in to axis2 or do we hv to implement it ourselves? Thanks, Subra Hi Greg, >> Sorry if this is in some documentation somewhere (I've tried and not >> found if). A cursory glance at the rampart code shows a lot of >> references to ssl and certificates. Some specific questions: >> >> Is SSL supported on server side? Client? Yes, Axis2/C supports both ssl server authentication and client authentication. Please refer to the axis2c manual [1]. I would suggest you use axis2 1.0.0 RC3 [2] or the latest svn head, since ssl transport has been updated since 0.96 release. In this case you will have to refer to the documentation from the trunk [3]. Note that ssl transport is not a feature of rampart, but of Axis2/C itself. Regards, Dumindu. [1] http://ws.apache.org/axis2/c/docs/axis2c_manual.html#ssl_client [2] http://people.apache.org/~samisa/release/1.0.0/RC3/ [3] http://svn.apache.org/viewvc/webservices/axis2/trunk/c/xdocs/docs/ axis2c_manual.html?view=co#ssl_client --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
