Hello all,

I am new to PKI, but I have currently been assigned a task in this area. What I need to do is set up SSL over an Axis web service. I have configured Tomcat for SSL and it works fine for one-way SSL. But now I am trying client authentication and I have some problems.

I have done the following steps:

1> Generate a server key and certificate
2> Export the server certificate
3> Generate a client key and certificate
4> Export the client certificate
5> Import the certificates into the keystores (Reference: http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html)

Now for client authentication I need to convert my client.cer into client.pfx, so I followed the steps given by you:

1> keytool -export -alias client.cer -keystore client.cer -file exported.crt
2> openssl x509 -out exported-pem.crt -outform pem -text -in exported.crt -inform der
3> javac ExportPriv.java (downloaded)
4> java ExportPriv client.cer client.cer <password> > exported-pkcs8.key
5> openssl pkcs8 -inform PEM -nocrypt -in exported-pkcs8.key -out exported.key
6> openssl pkcs12 -export -out exported.pfx -inkey exported.key -in exported-pem.crt

So now when I try to call the Axis web service through my client, it gives me this error:

java.net.SocketException: Software caused connection abort: recv failed

My Axis client code is:

System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Apache Group\\Tomcat 4.1\\webapps\\inteleakserver\\WEB-INF\\keystore\\client_keystore.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("java.protocol.handler.pkgs1", "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Apache Group\\Tomcat 4.\\webapps\\inteleakserver\\WEBINF\\keystore\\exported.pfx");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");

Please let me know where I am making a mistake.

Thanks,
Amit
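
Added example, not part of the original post: a small Java check that a PKCS#12 file such as the exported.pfx named in javax.net.ssl.keyStore loads with its password and holds a private-key entry with a certificate chain, which a JSSE client needs in order to present a certificate. The class name ClientKeyStoreCheck and the in-memory empty store used when no file is given are constructed for illustration.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;

public class ClientKeyStoreCheck {   // hypothetical helper, not from the post
    // Returns a list of problems; an empty list means a client identity is present.
    static List<String> check(InputStream in, String type, char[] password) {
        List<String> problems = new ArrayList<>();
        try {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password);   // throws on wrong password, wrong type or corrupt file
            int keyEntries = 0;
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) continue;   // certificate-only entries cannot authenticate
                keyEntries++;
                Certificate[] chain = ks.getCertificateChain(alias);
                if (chain == null || chain.length == 0) {
                    problems.add(alias + ": private key without a certificate chain");
                } else if (chain[0] instanceof X509Certificate) {
                    X509Certificate leaf = (X509Certificate) chain[0];
                    System.out.println(alias + ": subject=" + leaf.getSubjectX500Principal()
                            + " issuer=" + leaf.getIssuerX500Principal());
                }
            }
            if (keyEntries == 0) problems.add("no private-key entry in the store");
        } catch (Exception e) {
            problems.add("cannot load as " + type + ": " + e);
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = (args.length > 1 ? args[1] : "changeit").toCharArray();
        InputStream in;
        if (args.length > 0) {
            in = new FileInputStream(args[0]);   // path to the .pfx to inspect
        } else {
            // Constructed sample: an empty PKCS#12 store, to show the failure report.
            KeyStore empty = KeyStore.getInstance("PKCS12");
            empty.load(null, null);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            empty.store(out, pw);
            in = new ByteArrayInputStream(out.toByteArray());
        }
        try (InputStream s = in) {
            List<String> problems = check(s, "PKCS12", pw);
            System.out.println(problems.isEmpty() ? "OK: client identity found" : "Problems: " + problems);
        }
    }
}
```

The printed issuer of the client certificate is the name the server's truststore must contain for the client certificate to be accepted.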