You need to trust the server certificate or the handshake will fail.
If the servers cert is self-signed you will need to give the client access
to it via its keystore so it can trust it.
If the server is using a versign/thawte/your_own_dummy_CA digitally signed
cert then the client needs the Root CA cert in its trustore.
-----Original Message-----
From: Hartmut Bernecker [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 06, 2001 10:25 AM
To: [EMAIL PROTECTED]
Subject: SOAP client with SSL and w/o client certificate
Hello,
how to produce a java-soap client using ssl w/o client-certificate
(HTTPS)?
It is no problem for me to create a SOAP client using HTTP, but I'm new
in security things and search for some help to be getting started.
The Apache SOAP Doc says:
(OK is no problem for me, ?? big question for me).
OK: import javax.net.ssl.SSLSocketFactory;
OK: import java.security.Security;
??:
System.setProperty("javax.net.ssl.trustStore","C:\\jdk1.3\\bin\\client.keyst
ore");
//: Do I need that if I don't woant Client Certificates??
OK:
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.ww
w.protocol");
OK: Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Do I need the trustStore / client.deystore??? - if I don't want
clientside authentication?
Thank you
Hartmut
