Hi, I have one-way SSL working fine, as I have my web services exposed over https and I am able to consume them with a client built from the wsdl using wsdl2java. I would now like to set up mutual SSL so that I can allow only clients I choose to connect to my service.
I have tried getting this set up by creating a self-signed certificate at my client and then exporting the public portion, which I have added to cacerts on my server. I then amended the Tomcat config for the URL /applications so that it requires a client certificate. This means when I now browse to the wsdl address with my browser I get the following error:

    The request sent by the client was syntactically incorrect (No client certificate chain in this request).

I then made a slight change to my client code:

    // Arguments: keystore URL, keystore password, truststore URL, truststore password
    SecureProtocolSocketFactory spsf = new AuthSSLProtocolSocketFactory(
        new File("N:/Workspaces/Webservices/HelloWorld/client-keystore").toURI().toURL(), "changeit",
        new File("N:/Workspaces/Webservices/HelloWorld/client-keystore").toURI().toURL(), "changeit");
    Protocol authhttps = new Protocol("https", spsf, 443);
    Protocol.registerProtocol("https", authhttps);

I then assumed that when making a call from my client everything would work, but it seems like my client also gets the same HTML page returned from Tomcat now, saying that there is no client certificate chain in the request.

Is there something else that I need to do? Again, any help is appreciated.
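A check that can be run against the client keystore described in the message above; this is an added example, not part of the original post. A JSSE client can only present a certificate from a keystore entry that holds a private key, so the program reports which entries qualify. The class name `ClientKeystoreCheck` is hypothetical, the JKS keystore type is an assumption, and the keystore path and password are passed as arguments.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): lists the entries of a client
// keystore and counts those that can be used for TLS client authentication.
public class ClientKeystoreCheck {

    /** Returns the number of private-key entries; trusted-cert entries cannot authenticate a client. */
    static int countPrivateKeyEntries(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                System.out.println("trusted cert only (no private key): " + alias);
                continue;
            }
            usable++;
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println("private-key entry: " + alias
                    + " (chain length " + (chain == null ? 0 : chain.length) + ")");
            if (chain != null && chain.length > 0 && chain[0] instanceof X509Certificate) {
                X509Certificate leaf = (X509Certificate) chain[0];
                // The issuer shown here must be trusted by the server's truststore;
                // for a self-signed certificate, issuer and subject are identical.
                System.out.println("  subject: " + leaf.getSubjectX500Principal());
                System.out.println("  issuer : " + leaf.getIssuerX500Principal());
                System.out.println("  expires: " + leaf.getNotAfter());
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java ClientKeystoreCheck <keystore-path> <password>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: keystore created by keytool as JKS
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        int usable = countPrivateKeyEntries(ks);
        System.out.println(usable + " entry/entries usable for client authentication");
        System.exit(usable > 0 ? 0 : 1);
    }
}
```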