Actually, you can use
System.setProperty("javax.net.ss.trustStore", "your key store file
location") .
it can set truststore file path.
On 11/23/06, Luis Rivera <[EMAIL PROTECTED]> wrote:
Thanks a lot Vicio and Magnus,
I will try Vicio's suggestion first since I am using applets and writing
to
the client's hard disk might not be a viable option. However, I wonder if
including a keystore in the jar file will do the trick. I am not sure if a
keystore is also looked for in the classpath, but I guess I can try.
Thanks again,
--Luis R.
>From: <[EMAIL PROTECTED]>
>Reply-To: [email protected]
>To: <[email protected]>
>Subject: RE: Axis https/SSL Server Certificate Validation question
>Date: Wed, 22 Nov 2006 12:53:12 +0100
>
>For avoiding certification validation, try to use the code:
>
>AxisProperties.setProperty("axis.socketSecureFactory","org.apache.axis.c
>omponents.net.SunFakeTrustSocketFactory");
>
>it should solve your problem.
>
>
>Regards,
>Vicio.
>
>
>-----Original Message-----
>From: Magnus Bergman [mailto:[EMAIL PROTECTED]
>Sent: 22 novembre 2006 12.21
>To: [email protected]
>Subject: Re: Axis https/SSL Server Certificate Validation question
>
>This is no axis problem, but anyway,
>i don't know how to bypass the certification verification.
>But a solution to your problem is:
>
>add the self signed server cert into a truststore file that you put in
>your client-jar file and configure your client-app to use your shipped
>trustore file? Something like this URL url =
> this.getClass().getClassLoader().getResource("truststore_in_jar");
>JarURLConnection conn = (JarURLConnection) url.openConnection(); JarFile
>jar = conn.getJarFile(); JarEntry entry =
>jar.getJarEntry("truststore_in_jar");
>InputStream is = jar.getInputStream(entry); File tmp =
>File.createTempFile("certs", ".cer"); tmp.deleteOnExit();
>FileOutputStream fos = new FileOutputStream(tmp); byte[] buffer = new
>byte[1024]; int bytes; while( (bytes = is.read(buffer)) > 0 )
> fos.write(buffer, 0, bytes);
>fos.close();
>is.close();
>url = tmp.toURL();
>System.out.println("setting truststore to: " + url.getPath());
>System.setProperty("javax.net.ssl.trustStore",url.getPath());
>
>this will of course write a temporary truststore to your clients local
>hard disk, but it works...
>
>regards
>Magnus
>
>
>Luis Rivera wrote:
> >
> > Dear axis users,
> >
> > I googled my way up to this point, but now I have to ask about this. I
>
> > am sure it is being asked, but have not being able to find a way to do
>
> > this, unless I am misunderstanding something.
> >
> > OK, I want to use https for encryption using only Server side
> > authentication. I managed to create a self signed certificate for
> > tomcat, installed in a keystore and set up the server.xml file with
> > the right info. This works great, now I can use https to browse the
> > tomcat pages, axis Validation and make sure that my own Services
> > (based on axis
> > 1.4) are deployed.
> >
> > My WSDL is rpc/literal. so I basically locate the Service using the
> > right URL (https://host:port/axis/services/MyService) and got a
> > SSLHandshakeException!!!
> >
> > So, I figured the problem might be that since the browser usually
> > prompts the user to confirm if the certificate should be trusted, now
> > my program was not able to trust the certificate. Therefore, I
> > basically added the certificate to the client jre cacerts file and
> > that solved the problem.
> >
> > HOWEVER, I don't want my client to modify a file in its local hard
> > disk if possible. I want it to just ignore the fact that the
> > Certificate is not in the keystore and go on, just like I always say
> > "yes" when the browser pop up the dialog, since I am only caring for
> > encryption at this point.
> >
> > So, the question is:
> >
> > HOW DO i MAKE THE CLIENT BYPASS THE CERTIFICATE VERIFICATION step in
> > my client?
> >
> > I believe I have to use a TrustManager and a SSL context, but I am not
>
> > sure how to connect it to the axis Engine running under my client,
> > which is the one opening the context that matters for this and
> > subsequent connections.
> >
> > Thanks in advance, any tip will be appreciate,
> > --Luis R.
> >
> > _________________________________________________________________
> > Talk now to your Hotmail contacts with Windows Live Messenger.
> > http://clk.atdmt.com/MSN/go/msnnkwme0020000001msn/direct/01/?href=http
> > ://get.live.com/messenger/overview
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>--
>------------------------------------
>Magnus Bergman
>www.voiceprovider.se
>Mobile +46(0)733 63 42 08
>Office +46(0)8 525 080 08
>Fax +46(0)8 456 96 61
>Slottsbacken 6
>111 30 Stockholm
>------------------------------------
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>This message is for the designated recipient only and may contain
>privileged, proprietary, or otherwise private information. If you have
>received it in error, please notify the sender immediately and delete the
>original. Any other use of the email by you is prohibited.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
_________________________________________________________________
MSN Shopping has everything on your holiday list. Get expert picks by
style,
age, and price. Try it!
http://shopping.msn.com/content/shp/?ctId=8000,ptnrid=176,ptnrdata=200601&tcode=wlmtagline
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
- xucai
