Hi Gul,
>>>Then I have created a certificate using keytool and imported it into >>>client's truststore. I assume that if you don't need client authentication, then there is no need to create another certificate for client. The tomcat servers certificate should be imported to your clients truststore. If both client and server authentication is needed then your clients certificate should be imported in your server's keystore. And all this is needed only if your certificates are self-signed. Others any different opinions??? Regards, Subir S ________________________________ From: Gul Onural [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 20, 2006 2:45 AM To: [email protected]; Martin Gainty Subject: RE: Accessing axis2 based web service with https Thanks Martin. My understanding is that the keyStore and keyStorePassword are required on the server side, not in the client side. That is why I haven't set these attributes in the client code. Is my understanding wrong ? The keytool -list properly lists my certificate by the way, but client cannot invoke any operations through https.. Is there anyone successfully used https to invoke any web service operation using Axis2 1.1 release or nightly ? If yes, can you share the details ? Thanks, Gul ________________________________ From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 19, 2006 3:53 PM To: [email protected] Subject: Re: Accessing axis2 based web service with https I didnt see jeyStore and keyStorePassword attributes javax.net.ssl.keyStore /*full path to .ks (Keysore) file*/ javax.net.ssl.keyStorePassword /*Password that protects keyfile */ also.. if you had used this command to import the cert NameOfCert.crt into the keyfile NameOfKeyStoreFile keytool -import -keystore NameOfKeyStoreFile -alias cert_server -storepass changeit -file NameOfCert.crt then you should verify the certificate is properly imported into keystore with keytool -list -keystore NameOfKeyStoreFile -alias cert_server -storepass changeit -v Anyone else? M- --------------------------------------------------------------------------- This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. --------------------------------------------------------------------------- Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire. ----- Original Message ----- From: Gul Onural <mailto:[EMAIL PROTECTED]> To: [email protected] Sent: Tuesday, December 19, 2006 3:22 PM Subject: Accessing axis2 based web service with https Hi, I have followed tomcat https/ssl configuration document under http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html <http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html> to configure tomcat for https/ssl. Then I have created a certificate using keytool and imported it into client's truststore. I have added the following two properties to my client code : System.setProperty("javax.net.ssl.trustStore", "truststore path"); System.setProperty("javax.net.ssl.trustStorePassword", "password"); I am using Axis2 1.1 branch nightly and getting "PKIX path building failed" exception. What else needs to be done to get the a client working with https ? Gul INFO: I/O exception (org.apache.axis2.AxisFault) caught when processing request: sun.security.validator.ValidatorExce ption: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is: com.ctc.wstx.exc.WstxIOException: sun.security.validator.ValidatorException: PKIX path building failed: sun.s ecurity.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Dec 19, 2006 3:12:45 PM org.apache.commons.httpclient.HttpMethodDirector executeWithRetry INFO: Retrying request The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
