Yeah, I am not doing MUTUAL authentication, just one way. Also, I agree that you should recreate your keys/certificates. Make sure you delete anything already registered under the old keys/certificates.

-----Original Message-----
From: Darren Marvin [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 22, 2002 9:18 AM
To: [EMAIL PROTECTED]
Subject: RE: Axis, JSSE and HTTPS

Thanks Jonathan,

I am actually trying to go a little further than Tomcat SSL. I have set up the Apache HTTP server to sit in front of Tomcat (they communicate over mod_webapp). The Apache HTTP server handles SSL handshakes and connections. I am doing this because Apache HTTP Server is quicker and also should be better supported for security updates. There is full mutual authentication going on too.

I have had this working when the JSSE client is using default keystore settings but it failed when I changed the passwords. I have since adopted the latest Axis nightly build and it now handles changing passwords fine. However I am now getting the 'failed extension check:' error described below. I am going to generate my certificates again to see if that does anything useful.

Thanks again.

Darren.

> -----Original Message-----
> From: Asbell, Jonathan [mailto:[EMAIL PROTECTED]]
> Sent: 22 November 2002 14:02
> To: '[EMAIL PROTECTED]'
> Subject: RE: Axis, JSSE and HTTPS
>
> Here is what I had to do for Tomcat. Hope this helps
>
> ==========================================
> place three jsse jar files in \jre\lib\ext
> ===============================================
> run java keytool to generate the key in the keystore located in the home
> directory of the user/owner of tomcat. (when generating the key make sure
> you answer the "first name last name" question with the dns domain for the
> calling server...aviationnow.com). Also, make sure that when generating
> keys with the commandline keytool you either include the full path to the
> keystore, or leave it out completely (uses default keystore location for the
> generating user)
> ===============================================
> configure server.xml with an entry like this:
> <Connector
>     className="org.apache.catalina.connector.http.HttpConnector"
>     port="8443"
>     minProcessors="5"
>     maxProcessors="75"
>     enableLookups="true"
>     acceptCount="10"
>     debug="9"
>     scheme="https"
>     secure="true">
>   <Factory
>       className="org.apache.catalina.net.SSLServerSocketFactory"
>       clientAuth="false"
>       keystoreFile="C:\Documents and Settings\Administrator\.keystore"
>       protocol="TLS"/>
> </Connector>
> ===============================================
> add
> _xalan.jar (use the same xalan all around)
> _xmlsec.jar (use the jar in xml-security-bin-1_0_5D2.zip)
> to
> jakarta-tomcat-4.1.12\common\lib
> ==========================================
>
> -----Original Message-----
> From: Darren Marvin [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 21, 2002 4:38 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Axis, JSSE and HTTPS
>
> Hi all,
>
> I am attempting to make HTTPS invocations from an Axis client to an Apache
> HTTP Server. I am using the latest nightly build as suggested by members of
> the developer list. The latest version seems to be a vast improvement in terms
> of providing for changing keystore locations and passwords. My problem now
> is that I am getting the following during handshake:
>
> failed extension check:
>
> ...
>
> ext exception was: java.security.cert.CertificateException: Intermediate X.509v3 certificate without basic constraints extension
>
> Any suggestions would be welcomed.
>
> Thanks in advance,
>
> Darren.
