Re: Two-way SSL setup as Tomcat as a client
Steve,

On 8/7/2010 6:24 PM, Steve Johnson wrote:
> I can confirm that the Apache HTTPClient module is a good way to go. In fact, it works with zero configuration. You simply give it a normal 'https' URL, and it does the right thing automagically.

I'm sure YF will need /some/ configuration: it looks like he's trying to use client SSL certificates, which definitely need to be configured before the SSL connection is established.

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Two-way SSL setup as Tomcat as a client
Hi P,

Thanks for the response. I am referring to two-way SSL, not just one-way. In two-way SSL, Tomcat not only needs to trust the server's root CA, it also needs to pass its signed certificate to the server so the server can recognize it.

In my experience setting up WebSphere as a two-way SSL client, it did take some configuration on the WebSphere side. Does anyone have similar experience?

Thanks,
YF.

From: p...@pidster.com
Date: Fri, 6 Aug 2010 14:24:32 +0100
Subject: Re: Two-way SSL setup as Tomcat as a client
To: users@tomcat.apache.org

On 6 Aug 2010, at 13:12, yifeng wu yifen...@hotmail.com wrote:

> Hi, I am trying to make a call from Tomcat to another application server (WebSphere) and the communication channel is secured with two-way SSL. I have been searching on the net for hours and cannot find the information about how to set up Tomcat as an SSL client (there’re plenty for setting up Tomcat as a server for two-way SSL).

Tomcat doesn't need configuring as an SSL client, your application does. That would be why there's nothing online about it.

p

> Can anyone share the information if you happen to know how? Thanks, YF
RE: Two-way SSL setup as Tomcat as a client
> From: yifeng wu [mailto:yifen...@hotmail.com]
> Subject: RE: Two-way SSL setup as Tomcat as a client
>
> I am referring to two-way SSL, not just one-way.

Irrelevant; Pid's statement still stands: it's your webapp, not Tomcat, that is trying to communicate with an external server. Tomcat plays no role in such a connection; it's entirely up to your webapp. There is nothing in Tomcat to configure for this, since Tomcat is not involved. You'll need to use the secure connection capabilities of the JRE or a 3rd-party library of your choice to do the negotiation.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Two-way SSL setup as Tomcat as a client
I see. I guess I will look into using apache httpclient or some other library (any recommendation?). WebSphere actually takes care of outbound SSL connection by configuration (no extra coding); that's why I got confused.

Thanks for input, Chuck.

YF

From: chuck.caldar...@unisys.com
To: users@tomcat.apache.org
Date: Sat, 7 Aug 2010 11:22:41 -0500
Subject: RE: Two-way SSL setup as Tomcat as a client

> From: yifeng wu [mailto:yifen...@hotmail.com]
> Subject: RE: Two-way SSL setup as Tomcat as a client
>
> I am referring to two-way SSL, not just one-way.

Irrelevant; Pid's statement still stands: it's your webapp, not Tomcat, that is trying to communicate with an external server. Tomcat plays no role in such a connection; it's entirely up to your webapp. There is nothing in Tomcat to configure for this, since Tomcat is not involved. You'll need to use the secure connection capabilities of the JRE or a 3rd-party library of your choice to do the negotiation.

 - Chuck
Re: Two-way SSL setup as Tomcat as a client
I can confirm that the Apache HTTPClient module is a good way to go. In fact, it works with zero configuration. You simply give it a normal 'https' URL, and it does the right thing automagically.

It may be that you have to do some configuration of your JDK and environment to have SSL capabilities available to HTTPClient, but I don't think so. I don't remember ever doing that on my dev box, and I know for a fact that my use of HTTPClient allows HTTPS URLs with no additional fuss.

HTTPClient is an excellent library in general, as is most of the apache stuff.

Have fun!

S

On 8/7/2010 3:13 PM, yifeng wu wrote:
> I see. I guess I will look into using apache httpclient or some other library (any recommendation?). WebSphere actually takes care of outbound SSL connection by configuration (no extra coding); that's why I got confused.
>
> Thanks for input, Chuck.
>
> YF
>
> From: chuck.caldar...@unisys.com
> To: users@tomcat.apache.org
> Date: Sat, 7 Aug 2010 11:22:41 -0500
> Subject: RE: Two-way SSL setup as Tomcat as a client
>
> > From: yifeng wu [mailto:yifen...@hotmail.com]
> > Subject: RE: Two-way SSL setup as Tomcat as a client
> >
> > I am referring to two-way SSL, not just one-way.
>
> Irrelevant; Pid's statement still stands: it's your webapp, not Tomcat, that is trying to communicate with an external server. Tomcat plays no role in such a connection; it's entirely up to your webapp. There is nothing in Tomcat to configure for this, since Tomcat is not involved. You'll need to use the secure connection capabilities of the JRE or a 3rd-party library of your choice to do the negotiation.
>
>  - Chuck
Re: Two-way SSL setup as Tomcat as a client
On 6 Aug 2010, at 13:12, yifeng wu yifen...@hotmail.com wrote:

> Hi, I am trying to make a call from Tomcat to another application server (WebSphere) and the communication channel is secured with two-way SSL. I have been searching on the net for hours and cannot find the information about how to set up Tomcat as an SSL client (there’re plenty for setting up Tomcat as a server for two-way SSL).

Tomcat doesn't need configuring as an SSL client, your application does. That would be why there's nothing online about it.

p

> Can anyone share the information if you happen to know how? Thanks, YF