Hi Alex, Thx for ur reply. Just to clear that access to web service on ssl is working smoothly. Now I want to do the two way authentication. i.e. Using client certificate. HostNameVerifier is third party utility or provided by Java/Apache.
Regards, Raj. -----Original Message----- From: Alexander Mischur [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 20, 2005 7:54 PM To: axis-user@ws.apache.org Subject: Re: Urgent > Client authentication fails for ssl for Axiswebservicwclient Hi if I understand the SSL in java right you didn't need a keyFile on the client site. Did you have a HostNameVerifier? In my code i write this: System.setProperty("javax.net.ssl.trustStore", trustFile); HostnameVerifier hv = new HostnameVerifier() { public boolean verify(String urlHostName, SSLSession session) { logger.warn("URL Host: " + urlHostName + " vs. " + session.getPeerHost()); return true; } }; HttpsURLConnection.setDefaultHostnameVerifier(hv); now write the webservice call. I hope it will help you Regards, Alex Rajendra wrote: > hello All, > i am new to PKI but currently i have assigned task in this.What i need to do > is set up a SSL over Axis webservice.I have configured Tomcat for SSL and it > works fine for One way SSl.But now i m trying for client authentication i > have some problem > i have done the following steps > 1> Generate a Server Key and Certificate > 2>Export the Server Certificate > 3>Generate a Client Key and Certificate > 4>Export the Client Certificate > 5>Import the Certificates into the > Keystores(Reference:http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_S > SL.html) > > Now for client authentication i need to convert my client.cer in client.pfx > so i followed the steps given by you > 1>keytool -export -alias client.cer -keystore client.cer -file > exported.crt > > 2>openssl x509 -out exported-pem.crt -outform pem -text -in > exported.crt -inform der > > 3>javac ExportPriv.java(downloaded) > 4>java ExportPriv client.cer client.cer <password> > exported-pkcs8.key > > 5>openssl pkcs8 -inform PEM -nocrypt -in exported-pkcs8.key -out > exported.key > > 6>openssl pkcs12 -export -out exported.pfx -inkey exported.key -in > exported-pem.crt > > so now when i m trying to call the Axis webservice through my client it is > giving me this error > > java.net.SocketException: Software caused connection abort: recv failed > > > > my Axis client code is > > 1>System.setProperty("javax.net.ssl.trustStore","C:\\Program Files\\Apache > Group\\Tomcat > 4.1\\webapps\\inteleakserver\\WEB-INF\\keystore\\client_keystore.keystore" ) > ; > > 2>System.setProperty("javax.net.ssl.trustStorePassword", "changeit" ); > > 3>System.setProperty("java.protocol.handler.pkgs1","com.sun.net.ssl.internal > .www.protocol"); > > 4>System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Apache > Group\\Tomcat > 4.\\webapps\\inteleakserver\\WEBINF\\keystore\\exported.pfx" ); > 5>System.setProperty("javax.net.ssl.keyStorePassword", "changeit" ); > > 6> System.setProperty("javax.net.ssl.keyStoreType", "pkcs12"); > > please help me out where Im making mistake. > > Regards, > Rajendra > > > ********************************************************* > Disclaimer: > The contents of this E-mail (including the contents of the enclosure(s) or attachment(s) if any) are privileged and confidential material of MBT and should not be disclosed to, used by or copied in any manner by anyone other than the intended addressee(s). In case you are not the desired addressee, you should delete this message and/or re-direct it to the sender. The views expressed in this E-mail message (including the enclosure(s) or attachment(s) if any) are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of MBT. > > This e-mail message including attachment/(s), if any, is believed to be free of any virus. However, it is the responsibility of the recipient to ensure that it is virus free and MBT is not responsible for any loss or damage arising in any way from its use > > ******************************************************** > ********************************************************* Disclaimer: The contents of this E-mail (including the contents of the enclosure(s) or attachment(s) if any) are privileged and confidential material of MBT and should not be disclosed to, used by or copied in any manner by anyone other than the intended addressee(s). In case you are not the desired addressee, you should delete this message and/or re-direct it to the sender. The views expressed in this E-mail message (including the enclosure(s) or attachment(s) if any) are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of MBT. This e-mail message including attachment/(s), if any, is believed to be free of any virus. However, it is the responsibility of the recipient to ensure that it is virus free and MBT is not responsible for any loss or damage arising in any way from its use ********************************************************
