hello All,
i am new to PKI but currently i have assigned task in this.What i need to do
is set up a SSL over Axis webservice.I have configured Tomcat for SSL and it
works fine for One way SSl.But now i m trying for client authentication i
have some problem
i have done the following steps
1> Generate a Server Key and Certificate
2>Export the Server Certificate
3>Generate a Client Key and Certificate
4>Export the Client Certificate
5>Import the Certificates into the
Keystores(Reference:http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_S
SL.html)
Now for client authentication i need to convert my client.cer in client.pfx
so i followed the steps given by you
1>keytool -export -alias client.cer -keystore client.cer -file
exported.crt
2>openssl x509 -out exported-pem.crt -outform pem -text -in
exported.crt -inform der
3>javac ExportPriv.java(downloaded)
4>java ExportPriv client.cer client.cer <password> > exported-pkcs8.key
5>openssl pkcs8 -inform PEM -nocrypt -in exported-pkcs8.key -out
exported.key
6>openssl pkcs12 -export -out exported.pfx -inkey exported.key -in
exported-pem.crt
so now when i m trying to call the Axis webservice through my client it is
giving me this error
java.net.SocketException: Software caused connection abort: recv failed
my Axis client code is
1>System.setProperty("javax.net.ssl.trustStore","C:\\Program Files\\Apache
Group\\Tomcat
4.1\\webapps\\inteleakserver\\WEB-INF\\keystore\\client_keystore.keystore" )
;
2>System.setProperty("javax.net.ssl.trustStorePassword", "changeit" );
3>System.setProperty("java.protocol.handler.pkgs1","com.sun.net.ssl.internal
.www.protocol");
4>System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Apache
Group\\Tomcat
4.\\webapps\\inteleakserver\\WEBINF\\keystore\\exported.pfx" );
5>System.setProperty("javax.net.ssl.keyStorePassword", "changeit" );
6> System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
please help me out where Im making mistake.
Regards,
Rajendra
*********************************************************
Disclaimer:
The contents of this E-mail (including the contents of the enclosure(s) or
attachment(s) if any) are privileged and confidential material of MBT and
should not be disclosed to, used by or copied in any manner by anyone other
than the intended addressee(s). In case you are not the desired addressee,
you should delete this message and/or re-direct it to the sender. The views
expressed in this E-mail message (including the enclosure(s) or attachment(s)
if any) are those of the individual sender, except where the sender expressly,
and with authority, states them to be the views of MBT.
This e-mail message including attachment/(s), if any, is believed to be free of
any virus. However, it is the responsibility of the recipient to ensure that
it is virus free and MBT is not responsible for any loss or damage arising in
any way from its use
********************************************************
