Axis2 uses HTTPClient, so you can overwrite the https protocol by
registering your own SSLSocketFactory.
Refer to http://jakarta.apache.org/commons/httpclient/sslguide.html for
details.
In your SSLSocketFactory, override the "private static TrustManager[]
createTrustManagers(final KeyStore keystore)" method.
And create your own X509TrustManager to trust all certs.
Insert the following line in the Axis2 web services client code to register
your own https protocol:

Protocol.registerProtocol("https", new Protocol("https", (ProtocolSocketFactory) yourOwnSSLSocketFactory, port));

And HTTPClient will use your own SSLSocketFactory.
Regards,
Xinjun
On 11/23/06, xu cai <[EMAIL PROTECTED]> wrote:
Actually, you can use
System.setProperty("javax.net.ssl.trustStore", "your key store file location").
It can set the truststore file path.
On 11/23/06, Luis Rivera <[EMAIL PROTECTED]> wrote:
>
>
>
> Thanks a lot Vicio and Magnus,
>
> I will try Vicio's suggestion first since I am using applets and writing to
> the client's hard disk might not be a viable option. However, I wonder if
> including a keystore in the jar file will do the trick. I am not sure if a
> keystore is also looked for in the classpath, but I guess I can try.
>
> Thanks again,
> --Luis R.
>
> >From: <[EMAIL PROTECTED]>
> >Reply-To: [email protected]
> >To: <[email protected]>
> >Subject: RE: Axis https/SSL Server Certificate Validation question
> >Date: Wed, 22 Nov 2006 12:53:12 +0100
> >
> >For avoiding certification validation, try to use the code:
> >
> >AxisProperties.setProperty("axis.socketSecureFactory","org.apache.axis.components.net.SunFakeTrustSocketFactory");
> >
> >it should solve your problem.
> >
> >
> >Regards,
> >Vicio.
> >
> >
> >-----Original Message-----
> >From: Magnus Bergman [mailto: [EMAIL PROTECTED]
> >Sent: 22 novembre 2006 12.21
> >To: [email protected]
> >Subject: Re: Axis https/SSL Server Certificate Validation question
> >
> >This is no axis problem, but anyway,
> >I don't know how to bypass the certification verification.
> >But a solution to your problem is:
> >
> >add the self signed server cert into a truststore file that you put in
> >your client-jar file and configure your client-app to use your shipped
> >truststore file? Something like this:
> >
> >// locate the truststore entry inside the client jar
> >URL url = this.getClass().getClassLoader().getResource("truststore_in_jar");
> >JarURLConnection conn = (JarURLConnection) url.openConnection();
> >JarFile jar = conn.getJarFile();
> >JarEntry entry = jar.getJarEntry("truststore_in_jar");
> >InputStream is = jar.getInputStream(entry);
> >// copy it to a temporary file on the local disk
> >File tmp = File.createTempFile("certs", ".cer");
> >tmp.deleteOnExit();
> >FileOutputStream fos = new FileOutputStream(tmp);
> >byte[] buffer = new byte[1024];
> >int bytes;
> >while ((bytes = is.read(buffer)) > 0)
> >    fos.write(buffer, 0, bytes);
> >fos.close();
> >is.close();
> >// point JSSE at the temporary copy
> >url = tmp.toURL();
> >System.out.println("setting truststore to: " + url.getPath());
> >System.setProperty("javax.net.ssl.trustStore", url.getPath());
> >
> >this will of course write a temporary truststore to your client's local
> >hard disk, but it works...
> >
> >regards
> >Magnus
> >
> >
> >Luis Rivera wrote:
> > >
> > > Dear axis users,
> > >
> > > I googled my way up to this point, but now I have to ask about this. I
> > > am sure it has been asked, but have not been able to find a way to do
> > > this, unless I am misunderstanding something.
> > >
> > > OK, I want to use https for encryption using only Server side
> > > authentication. I managed to create a self signed certificate for
> > > tomcat, installed in a keystore and set up the server.xml file with
> > > the right info. This works great, now I can use https to browse the
> > > tomcat pages, axis Validation and make sure that my own Services
> > > (based on axis 1.4) are deployed.
> > >
> > > My WSDL is rpc/literal. so I basically locate the Service using the
> > > right URL ( https://host:port/axis/services/MyService) and got a
> > > SSLHandshakeException!!!
> > >
> > > So, I figured the problem might be that since the browser usually
> > > prompts the user to confirm if the certificate should be trusted, now
> > > my program was not able to trust the certificate. Therefore, I
> > > basically added the certificate to the client jre cacerts file and
> > > that solved the problem.
> > >
> > > HOWEVER, I don't want my client to modify a file in its local hard
> > > disk if possible. I want it to just ignore the fact that the
> > > Certificate is not in the keystore and go on, just like I always say
> > > "yes" when the browser pops up the dialog, since I am only caring for
> > > encryption at this point.
> > >
> > > So, the question is:
> > >
> > > HOW DO I MAKE THE CLIENT BYPASS THE CERTIFICATE VERIFICATION step in
> > > my client?
> > >
> > > I believe I have to use a TrustManager and a SSL context, but I am not
> > > sure how to connect it to the axis Engine running under my client,
> > > which is the one opening the context that matters for this and
> > > subsequent connections.
> > >
> > > Thanks in advance, any tip will be appreciated,
> > > --Luis R.
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> >
> >--
> >------------------------------------
> >Magnus Bergman
> >www.voiceprovider.se
> >Mobile +46(0)733 63 42 08
> >Office +46(0)8 525 080 08
> >Fax +46(0)8 456 96 61
> >Slottsbacken 6
> >111 30 Stockholm
> >------------------------------------
> >
>
--
- xucai
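
Added example (not code from any poster in this thread): the thread asks whether a truststore shipped inside the client jar can be used without writing to the client's disk. The sketch below loads a JKS truststore straight from the classpath into an SSLContext, so the self-signed server certificate is still verified against the shipped copy. The class name, the resource name "truststore.jks" and the password "changeit" are placeholders, and whether a given Axis transport uses the JVM default context is an assumption to check in your setup.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClasspathTrustStore {

    /**
     * Builds an SSLContext that trusts only the certificates in a JKS
     * truststore found on the classpath (for example inside the client jar).
     * Nothing is copied to the local disk.
     */
    public static SSLContext fromClasspath(String resource, char[] password)
            throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = ClasspathTrustStore.class.getClassLoader()
                .getResourceAsStream(resource)) {
            if (in == null) {
                throw new IllegalArgumentException(
                        "truststore not found on classpath: " + resource);
            }
            // The password is used to check the integrity of the store.
            trustStore.load(in, password);
        }
        if (trustStore.size() == 0) {
            // An empty store would make every handshake fail later on.
            throw new IllegalStateException("truststore has no entries");
        }

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // No client key managers: server-side authentication only.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder resource name and password (assumptions).
        SSLContext ctx = fromClasspath("truststore.jks", "changeit".toCharArray());
        // Code that relies on the JVM defaults picks this context up.
        SSLContext.setDefault(ctx);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

Because the trust managers come from the shipped store, a server presenting any other certificate still fails the handshake, which the trust-all and SunFakeTrustSocketFactory approaches above do not guarantee.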