We create our keys using:

1) keytool -genkey -keysize 512 -keyalg RSA -alias mycert -dname "myDistinguishedName" -validity 999

This creates a .keystore in your home dir. Then:

2) keytool -export -alias mycert -file mypub.cer

Exports the public key from the created certificate. Then we import this public key in the remote cacerts (client):

3) keytool -import -keystore "myKeystoreFile" -storepass "myPassword" -alias mycert -file "theCreated.cerFile"

Note that conf/serverkey.jks in xbean.xml contains the private key we just created in step 1.

This procedure authenticates the servicemix server in the client. If the remote client is to be authenticated in servicemix, the servicemix cacerts should contain the client's public key (or all keys from its certification path) too.

jlbarrera wrote:
>
> Thank you very much
> You are using SSL in the consumer role, but I need to do it in the
> provider role. I know that the syntax is the same for both roles, but I
> think the way to create the keystore must be different, because I received
> an error:
>
> unable to find valid certification path to requested target
>
> I think that I don't create the keystore in the correct way.
>
> Regards!
>
>
> wizard wrote:
>>
>> This is our xbean.xml:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <beans xmlns:http="http://servicemix.apache.org/http/1.0"
>>        xmlns:sa="http://sa"
>>        xmlns:sahs="http://sa/hs">
>>
>>   <classpath>
>>     <location>.</location>
>>   </classpath>
>>
>>   <http:endpoint service="sahs:hs"
>>                  endpoint="porths"
>>                  role="consumer"
>>                  locationURI="https://0.0.0.0:8192/Service/"
>>                  defaultMep="http://www.w3.org/2004/08/wsdl/in-out"
>>                  targetEndpoint="portseh"
>>                  targetService="sa:sajbiseHTTP">
>>
>>     <http:ssl>
>>       <http:sslParameters keyStore="conf/serverkey.jks"
>>                           keyStorePassword="my_keystore_password"
>>                           needClientAuth="true"/>
>>     </http:ssl>
>>   </http:endpoint>
>> </beans>
>>
>>
>> The keystore file was created using keytool.exe from java.
>> Hope this helps...
>>
>>
>> jlbarrera wrote:
>>>
>>> Hello wizard,
>>>
>>> I have seen that you are using HTTP BC with SSL.
>>> Could you explain to me how you have made it, and how you create the
>>> keystores?
>>> It will be very useful for me.
>>>
>>> Thanks!
>>>
>>>
>>> wizard wrote:
>>>>
>>>> Hi all,
>>>>
>>>> We are using HTTP BC with SSL enabled. This BC points to a SE developed
>>>> by us. What we want to do is to authenticate a given user in this SE.
>>>> Our client doesn't have any login info, apart from the certificates. Is
>>>> this required?
>>>>
>>>> In our SE we use NormalizedMessage.getSecuritySubject(), but this
>>>> always returns null. How can we get info about the user in a SE?
>>>>
>>>> Thanks in advance!
>>>>

--
View this message in context: http://www.nabble.com/Authenticate-user-in-Service-Engine-tf3016263s12049.html#a9439463
Sent from the ServiceMix - User mailing list archive at Nabble.com.
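
The three keytool steps from the top of this message, written out with explicit keystore files and followed by a check of whether the client truststore holds the server's current certificate; a truststore that lacks it is one way to get the "unable to find valid certification path to requested target" error quoted above. This is an added example, not part of the original thread: the file names, password, CN values and the 2048-bit key size are assumptions, and it uses keytool's current command names (-genkeypair, -exportcert, -importcert).

```shell
#!/bin/sh
# Added example: every path, password and CN below is constructed.
PASS=example-pass-123   # constructed password
ALIAS=mycert            # alias used in the message

# Step 1: key pair + self-signed certificate in an explicit server keystore.
make_server_keystore() {   # $1 = new keystore path, $2 = CN
  keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 \
    -alias "$ALIAS" -dname "CN=$2" -keystore "$1" \
    -storepass "$PASS" -keypass "$PASS" </dev/null >/dev/null 2>&1
}

# Steps 2 and 3: export the certificate only (no private key) and import it
# into the client's truststore as a trusted entry.
publish_to_truststore() {  # $1 = server keystore, $2 = new truststore path
  keytool -exportcert -alias "$ALIAS" -keystore "$1" -storepass "$PASS" \
    -file "$2.cer" >/dev/null 2>&1 &&
  keytool -importcert -noprompt -alias "$ALIAS" -file "$2.cer" \
    -keystore "$2" -storepass "$PASS" >/dev/null 2>&1
}

# PEM form of the certificate stored under $ALIAS; fails if the alias is absent.
cert_pem() {
  keytool -exportcert -rfc -alias "$ALIAS" -keystore "$1" -storepass "$PASS" 2>/dev/null
}

# Succeeds only when the truststore holds exactly the server's certificate.
client_trusts_server() {   # $1 = server keystore, $2 = client truststore
  server=$(cert_pem "$1") || return 1
  client=$(cert_pem "$2") || return 1
  [ -n "$server" ] && [ "$server" = "$client" ]
}

demo() {
  command -v keytool >/dev/null 2>&1 || { echo "keytool not found"; return 3; }
  d=$(mktemp -d) || return 3
  make_server_keystore "$d/server.keystore" "server.example.test"
  # Same alias and DN, different key: a keystore that was later regenerated.
  make_server_keystore "$d/old.keystore" "server.example.test"
  publish_to_truststore "$d/server.keystore" "$d/good.truststore"
  publish_to_truststore "$d/old.keystore" "$d/stale.truststore"
  client_trusts_server "$d/server.keystore" "$d/good.truststore";  GOOD=$?
  client_trusts_server "$d/server.keystore" "$d/stale.truststore"; STALE=$?
  rm -rf "$d"
  echo "matching truststore: $GOOD (0 = trusted), stale truststore: $STALE"
}
demo
```

The stale case shows why matching alias and distinguished name are not enough: the truststore must contain the certificate for the key the server actually presents.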
