Hi Dumindu,

As per your suggestions, if the client won't need any authentication, only
SERVER_CERT is required. I am not sure why SERVER_CERT is also required. Here
the server certificate may expire and so on.

Is it easy to make changes in src\core\transport\http\sender\ssl\ssl_utils.c
for SSL_VERIFY_NONE?? I don't want any type of validation for client.

Thanks in Advance. 

Thanks,
Ashok


Dumindu Pallewela wrote:
> 
> Hi Kelvin,
> 
> If you didn't know this already:
> You do *not* have to set ssl parameters *both* in axis2.xml and in your 
> client code. We have given the user the option to choose which he prefers.
> 
> Please find further comments inline.
> 
> Regards,
> Dumindu.
> 
>> In short, I configure axis2.xml as:
>> 
>>     <transportSender name="https" class="axis2_http_sender">
>>         <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
>>     </transportSender>
>>     <!--<parameter name="SERVER_CERT">E:/Project/VS8/Axis2_prototype/debug/TrustList.pem</parameter>-->
>>     <!--<parameter name="KEY_FILE">E:\Project\VS8\Axis2_prototype\debug\TrustList.pem</parameter>
>>     <parameter name="SSL_PASSPHRASE">passphrase</parameter>-->
> 
> <!-- --> tag in XML makes whatever it encloses a comment. Thus, in the 
> above, SERVER_CERT parameter is not set. Only the client key's pass 
> phrase, which you don't need, is set from the above configuration.
> 
> Since you have mentioned that you don't need client authentication, 
> please remove the last two lines, so that you don't have unnecessary
> stuff:
> 
> <transportSender name="https" class="axis2_http_sender">
>      <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
> </transportSender>
> <parameter name="SERVER_CERT">E:/Project/VS8/Axis2_prototype/debug/TrustList.pem</parameter>
> 
> Then run your axis client making sure that the AXIS2C_HOME is set to the 
> directory where the now edited axis2.xml resides.
> 
> Also your epr should start with https://
> 
> If this doesn't work, there is no point in trying to set these 
> parameters in client code.
>> 
>> And I create TrustList.pem file following the manual of Axis2/C:
>> 
>> For testing purposes, you can use the server's certificate instead of 
>> the CA certificate. You can obtain this by running the command |openssl 
>> s_client -connect <servername>:<port>| and copying the portion of the 
>> output bounded by and including:
>> 
>> -----BEGIN CERTIFICATE-----
>> -----END CERTIFICATE-----
>> 
>> The content of this file is:
>> 
>>
> 
> This is fine.
> 
>> My colleague once tried to send a SOAP message created by gSOAP,
>> although the message itself is wrong. But he still got some error
>> message back and in the console of the server, there are some error
>> messages like I mentioned before.
> 
> Can you send those error messages? Even if that is not Axis2, we may be 
> able to get an idea about what's going wrong.
> 

-- 
View this message in context: 
http://old.nabble.com/How-to-create-a-SSL-client-to-support-https-tp11441745p27621164.html
Sent from the Axis - C++ - User mailing list archive at Nabble.com.
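
The thread's procedure (copy the PEM block from `openssl s_client` output into the file named by SERVER_CERT) together with the concern that the server certificate may expire, as an added shell example that is not part of the thread or of Axis2/C. The function names and the sample output are constructed for illustration; `check_trust_file` assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Axis2/C or OpenSSL names.

# Print only the first PEM block on stdin (s_client prints the server's own
# certificate first). Exit status is non-zero if no complete block is found.
extract_first_cert() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ && !done { inside = 1 }
        inside { print }
        inside && /^-----END CERTIFICATE-----$/ { inside = 0; done = 1 }
        END { exit(done ? 0 : 1) }
    '
}

# check_trust_file FILE [SECONDS]
#   0: certificate stays valid for SECONDS more (default 30 days)
#   1: it expires within that window, or the file is not a certificate
#   2: file missing or empty
check_trust_file() {
    file=$1
    window=${2:-2592000}
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    # -checkend exits 0 only if the certificate is still valid after $window s
    if openssl x509 -in "$file" -noout -checkend "$window" >/dev/null 2>&1; then
        return 0
    fi
    echo "$file: expires within ${window}s or is not a valid certificate" >&2
    return 1
}

# Constructed sample of s_client output; the base64 bodies are placeholders.
SAMPLE='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = constructed-leaf
-----BEGIN CERTIFICATE-----
QUFBQQ==
-----END CERTIFICATE-----
 1 s:CN = constructed-ca
-----BEGIN CERTIFICATE-----
QkJCQg==
-----END CERTIFICATE-----
---'

# Demo: prints the three lines of the first (leaf) block only.
printf '%s\n' "$SAMPLE" | extract_first_cert
```

Before replacing the file named by SERVER_CERT, compare the new certificate's fingerprint (`openssl x509 -in <file> -noout -fingerprint -sha256`) with a value obtained from the server operator, since a certificate fetched over an unverified connection is only as trustworthy as that connection.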
