Hi Everyone! First of all, thanks for the quick answers.
I think now I am a step further, but I haven't quite reached the goal. Thanks for the introduction on the client side, this is exactly what I am doing! ;)

On the server side I have two files:
- The .keystore contains my server certificate (key)
- The .truststore contains the certificate (key) [This key comes from the client's .keystore]

I was missing the entry "clientAuth=true" in the Tomcat's server.xml. Thanks for the tip! After changing this and restarting the Tomcat I have come across two problems:

1.) When browsing to the WSDL file with Firefox, I cannot see anything, as I do not have a valid client certificate. I tried to import a certificate that I exported with the keytool from the client's .keystore, but it is rejected as it is not a valid PK-12. Any hints?

2.) My client can connect to the server, and I think that everything is working - at least from the view of SSL. But the problem is that I get the following error message:

"Exception in thread "main" org.apache.axis2.AxisFault: The service cannot be found for the endpoint reference (EPR) https://XXXX:8443/axis2/services/RepositoryService"

How can I configure this EPR in the services.xml?

Thanks in advance!
Stefan

SGruverman wrote:
>
> First, I haven't used any of the Axis2 HTTPS support you mentioned. I don't know if this is typical of Axis2 web services, but most references I've seen to SSL use the facilities of the app server and javax.net.
>
> Couple of questions to get started:
> Is the "standard" SSL working (other than the client authentication)?
> Does your Tomcat config include clientAuth="true"?
> Does your Tomcat config include settings for keystorefile and keystorepass as well as truststorefile and truststorepass?
> On the server, the keystore contains the SSL certificate and the truststore contains the certificate *of the Certificate Authority that signed the certificate that the client is using for client authentication.*
> (I find this confusing - to keep it simple, I use the same keystore for both. Not a "best practice", I think).
>
> Does your client System.setProperty() for javax.net.ssl.trustStore, trustStorePassword, keyStore and keyStorePassword?
> Here, the keystore contains the SSL client authentication certificate and the truststore contains the certificate *of the Certificate Authority that signed the server SSL certificate*.
>
> Another useful property to set is javax.net.debug - set it to "ssl" to get a bunch of SSL diagnostics.
>
> I'm still pretty new to this stuff, so I'm not certain of this information (but it seems to work for us). Please jump in and correct me if I'm wrong!
>
> Anyway, I hope this helps.
>
> - Steve
>
> ______________________________________________
> Steve Gruverman, Programmer
> IntelliCare, Inc. | A Medco Health Solutions Company
> 500 Southborough Drive | South Portland ME 04106

--
View this message in context: http://www.nabble.com/Axis-2---SSL-with-Client-Authentication-tp19180080p19181697.html
Sent from the Axis - User mailing list archive at Nabble.com.
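
The client-side store roles described in the quoted reply, as an added example that is not part of the original thread: it loads the keystore and truststore explicitly rather than through System.setProperty(), checks that the keystore really holds a private key, and installs the result as the JVM default SSLContext. The class name, the argument order and the assumption that the key password equals the keystore password are choices made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class): client-side setup for SSL with client authentication.
public class MutualTlsClientCheck {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // A certificate-only entry (e.g. the result of importing an exported .cer)
    // cannot authenticate the client; only a private key entry can.
    static int countKeyEntries(KeyStore ks) throws Exception {
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) keys++;
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: keystore path, keystore password, truststore path, truststore password.
        char[] keyPass = args[1].toCharArray();
        KeyStore keyStore = load(args[0], keyPass);      // client certificate + private key
        KeyStore trustStore = load(args[2], args[3].toCharArray()); // CA that signed the server certificate

        if (countKeyEntries(keyStore) == 0)
            throw new IllegalStateException("keystore has no private key entry: client cannot authenticate");
        if (trustStore.size() == 0)
            throw new IllegalStateException("truststore is empty: server certificate cannot be verified");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass); // assumption: key password == keystore password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLContext.setDefault(ctx); // code using the JVM's default SSLContext picks this up
        System.out.println("client SSLContext ready, key entries: " + countKeyEntries(keyStore));
    }
}
```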
