I have done the following:

    if (sslProtocol != null && "https".equals(endPoint.getProtocol()))
    {
        // hand the custom Protocol (carrying the SSLSocketFactory) to the Axis2 HTTP transport
        serviceClient.getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER, sslProtocol);

        // if the endpoint is https, the port is 443 by default
        final int urlPort = endPoint.getPort();
        final int port = urlPort == -1 ? 443 : urlPort;
        httpClient.getHostConfiguration().setHost(endPoint.getHost(), port, sslProtocol);
    }

    serviceClient.getOptions().setSoapVersionURI(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);

    // reuse the pre-configured HttpClient (and its connection manager) for every call
    serviceClient.getOptions().setProperty(HTTPConstants.REUSE_HTTP_CLIENT, Boolean.TRUE);
    serviceClient.getOptions().setProperty(HTTPConstants.CACHED_HTTP_CLIENT, httpClient);

Where sslProtocol is an org.apache.commons.httpclient.protocol.Protocol instance
that I only create if I have a custom SSLSocketFactory (for use with mutual
TLS).
httpClient is an org.apache.commons.httpclient.HttpClient instance I create with
a MultiThreadedHttpConnectionManager with some custom configuration of the
connection properties (number of connections, timeouts, etc.).

Brett Okken | CAMM Platform Services | Lead Architect | 816.201.6112 |
www.cerner.com | bok...@cerner.com

From: Ockleford Paul (NHS CONNECTING FOR HEALTH) [mailto:paul.ocklef...@nhs.net]
Sent: Friday, December 21, 2012 11:28 AM
To: axis-u...@ws.apache.org
Subject: Mutual SSL with Axis2

Hi,

I have one way SSL working fine as I have my web services exposed over https 
and I am able to consume them with a client built from the wsdl using 
wsdl2java. I would now like to set up mutual SSL so that I can allow only 
clients I choose to connect to my service.

I have tried getting this set up by creating a self signed certificate at my 
client and then exporting the public portion which I have added to cacerts on 
my server. I then amended the tomcat config for the url /applications so that 
it requires a client certificate. This means when I now browse to the wsdl 
address with my browser I get the following error: The request sent by the 
client was syntactically incorrect (No client certificate chain in this 
request).

I then made a slight change to my client code:

    import java.io.File;
    import org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory;
    import org.apache.commons.httpclient.protocol.Protocol;
    import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

    // the same file is passed as key store (client certificate) and as trust store
    SecureProtocolSocketFactory spsf = new AuthSSLProtocolSocketFactory(
        new File("N:/Workspaces/Webservices/HelloWorld/client-keystore").toURI().toURL(), "changeit",
        new File("N:/Workspaces/Webservices/HelloWorld/client-keystore").toURI().toURL(), "changeit");
    Protocol authhttps = new Protocol("https", spsf, 443);
    Protocol.registerProtocol("https", authhttps);

I then assumed that when making a call from my client everything would work, but
it seems my client also gets the same HTML page returned from Tomcat, saying
that there is no client certificate chain in the request.

Is there something else that I need to do?

Again any help is appreciated.
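Putting the two messages together, as an added end-to-end example (this is not code from either poster, nor from the Axis2 or HttpClient projects): it builds a JSSE SSLContext from a client key store and a separate trust store, adapts it to the commons-httpclient 3.x SecureProtocolSocketFactory interface, wraps it in a Protocol and hands that Protocol to one Axis2 ServiceClient through HTTPConstants.CUSTOM_PROTOCOL_HANDLER together with a cached, multithreaded HttpClient, as the reply above does, rather than only calling Protocol.registerProtocol, which swaps the JVM-wide https default for every HttpClient user in the process. The file names, passwords, endpoint URL, connection limit and timeouts are placeholders, and the class and method names are my own.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import javax.net.ssl.*;
import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axis2.Constants;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.apache.commons.httpclient.params.HttpConnectionManagerParams;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

/** Mutual-TLS transport for an Axis2 1.x ServiceClient over commons-httpclient 3.x (added example). */
public class MutualTlsAxis2Client {

    /** Loads a JKS store; used for both the client key store and the trust store. */
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try { ks.load(in, password); } finally { in.close(); }
        return ks;
    }

    /** SSLContext that presents the client certificate and trusts only the CAs in the trust store. */
    static SSLContext buildSslContext(String keyStorePath, char[] keyStorePass,
                                      String trustStorePath, char[] trustStorePass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keyStorePath, keyStorePass), keyStorePass);   // private key + client cert chain
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(trustStorePath, trustStorePass));             // the server's CA only, not cacerts
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Adapts a JSSE SSLSocketFactory to the commons-httpclient 3.x socket-factory interface. */
    static final class SslContextSocketFactory implements SecureProtocolSocketFactory {
        private final SSLSocketFactory factory;
        SslContextSocketFactory(SSLContext ctx) { this.factory = ctx.getSocketFactory(); }

        public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
            return factory.createSocket(socket, host, port, autoClose);
        }
        public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException {
            return factory.createSocket(host, port, localAddress, localPort);
        }
        public Socket createSocket(String host, int port) throws IOException {
            return factory.createSocket(host, port);
        }
        // HttpClient 3.1 calls this variant; honour its connection timeout instead of blocking forever.
        public Socket createSocket(String host, int port, InetAddress localAddress, int localPort,
                                   HttpConnectionParams params) throws IOException {
            Socket socket = factory.createSocket();
            if (localAddress != null) socket.bind(new InetSocketAddress(localAddress, localPort));
            socket.connect(new InetSocketAddress(host, port), params.getConnectionTimeout());
            return socket;
        }
    }

    /** Scopes the mutual-TLS Protocol to one ServiceClient via CUSTOM_PROTOCOL_HANDLER, as in the reply. */
    static ServiceClient configureClient(String endpointUrl, Protocol sslProtocol,
                                         int maxConnections, int connectTimeoutMs, int soTimeoutMs) throws Exception {
        MultiThreadedHttpConnectionManager manager = new MultiThreadedHttpConnectionManager();
        HttpConnectionManagerParams cm = manager.getParams();
        cm.setMaxTotalConnections(maxConnections);
        cm.setDefaultMaxConnectionsPerHost(maxConnections);
        cm.setConnectionTimeout(connectTimeoutMs);
        cm.setSoTimeout(soTimeoutMs);
        HttpClient httpClient = new HttpClient(manager);

        ServiceClient serviceClient = new ServiceClient();
        Options options = serviceClient.getOptions();
        options.setTo(new EndpointReference(endpointUrl));
        options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
        options.setSoapVersionURI(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);

        URL endPoint = new URL(endpointUrl);
        if (sslProtocol != null && "https".equals(endPoint.getProtocol())) {
            int port = endPoint.getPort() == -1 ? 443 : endPoint.getPort();   // https defaults to 443
            options.setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER, sslProtocol);
            httpClient.getHostConfiguration().setHost(endPoint.getHost(), port, sslProtocol);
        }
        options.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, Boolean.TRUE);
        options.setProperty(HTTPConstants.CACHED_HTTP_CLIENT, httpClient);
        return serviceClient;
    }

    public static void main(String[] args) throws Exception {
        // Assumed paths, passwords, endpoint and limits; replace with your own.
        SSLContext ctx = buildSslContext("client-keystore.jks", "changeit".toCharArray(),
                                         "server-truststore.jks", "changeit".toCharArray());
        Protocol mutualTls = new Protocol("https", new SslContextSocketFactory(ctx), 443);
        ServiceClient client = configureClient("https://localhost:8443/applications/HelloWorld",
                                               mutualTls, 20, 5000, 30000);
        // client is now ready for sendReceive(...) over a mutual-TLS transport
    }
}
```

Two checks worth making when the server still answers with "No client certificate chain": the key store must contain the private key together with its certificate (keytool -list -v shows the alias as a PrivateKeyEntry, not a trustedCertEntry), and the JSSE key manager only offers a certificate whose issuer appears in the CA list the server sends in its CertificateRequest, so a self-signed client certificate has to sit in the server's trust store exactly as the question describes. Note also that commons-httpclient 3.x does not compare the server's hostname with its certificate when a custom socket factory is used; on Java 7 or later, SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") applied to the created SSLSocket adds that check.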
