asankha,

I have synapse running again and configured to proxy my http requests to an
https endpoint that requires a client certificate.  Here is my basic synapse
configuration

<definitions xmlns="http://ws.apache.org/ns/synapse">

    <localEntry key="MYAPI.wsdl" src="file:repository/conf/sample/resources/proxy/MYAPI.wsdl" />

    <endpoint name="MYAPI-1.0">
        <address uri="https://server.somedomain.com/1.0/MYAPI" format="soap12"/>
    </endpoint>

    <proxy name="MYAPI" transports="http">
        <target>
                <endpoint key="MYAPI-1.0"/>
        </target>
        <publishWSDL key="MYAPI.wsdl"/>
    </proxy>


        <!-- Log all messages passing through -->
        <log level="none"/>

        <!-- Send the messages where they have been sent (i.e. implicit "To" EPR) -->
        <send/>

</definitions>

It appears to be listening for requests (and serving WSDL) on http and it
also appears to delegate the call back to the https implementation.  But
from that point it basically stalls with this log message

[I/O reactor worker thread] DEBUG Axis2HttpRequest - get source channel of the pipe on which the outgoing response is written

and finally times out.

It appears to me that something is going wrong with the SSL handshake to the
backend service.  If I use a truststore without the CA cert for the server I
am calling, I get an SSL error.  But if I use a different keystore with
incorrect client certificates, I don't get any messages.  Is there a way to
diagnose the SSL handshake component in more detail?

Let me know.

Thanks,
Michael

-----Original Message-----
From: Michael Griffin [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 08, 2007 2:18 PM
To: [email protected]
Subject: RE: Outbound HTTPS with Client Certificate


asankha,

thank you for pulling this together.  i'll let you know how it turns out.

i was trying to build from the trunk earlier today but don't seem to be able
to anymore as maven is unable to get at some of the new poms like
axis2-1.1.1.pom

thanks again,
griffin



-----Original Message-----
From: Asankha C. Perera [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 08, 2007 2:05 PM
To: [email protected]
Subject: Re: Outbound HTTPS with Client Certificate


Hi Griffin

I tested Synapse trunk to use client authentication just now, and yes it
does work as expected.. and is able to provide client credentials to
invoke the sample service that asks for client authentication!

However, our sample Axis2 server or Synapse cannot yet be configured to
request/force client authentication - but this is a simple
enhancement on the excellent HttpCore/NIO-SSL library we use, and I have
already filed an enhancement request for this, and I assume it would be
available before we cut our 1.0 release.

So if you've got a Web service that requires/wants client authentication
already, you could use a build of the SVN trunk (I placed one here
http://people.apache.org/~asankha/synapse-SNAPSHOT-bin.tar.gz) and try
it out. Please note that the Synapse configuration language syntax has
changed slightly from 0.92.

I'm sure this mail closes this issue :-)!

asankha
>
>> Michael Griffin wrote:
>>
>> Does Synapse support using HTTPS with Client Certificates as an outbound
>> transport?  I would like to use Synapse to act as a gateway between my
>> internal applications and a third-party hosted web service requiring HTTPS
>> and client certificates.  Any help or direction would be great.
>>
>> Thanks,
>> Griffin
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
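
An added example, not part of the original thread and not Synapse code: a standalone JSSE probe for the case described in the first message, where a keystore with the wrong client certificate produces no error at all. It wraps the key manager to print which issuers the server's CertificateRequest accepts and which keystore alias (if any) is chosen; the class name, the argument order and the assumption that the key password equals the store password are choices made for this example.

```java
import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

// Added diagnostic example, not Synapse code. Arguments are supplied by the caller:
//   java ClientCertProbe <host> <port> <keystore> <password>
// Assumes key password == store password; the server is checked against the JVM default truststore.
public class ClientCertProbe {
    public static void main(String[] a) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(a[2])) { ks.load(in, a[3].toCharArray()); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, a[3].toCharArray());
        X509KeyManager real = (X509KeyManager) kmf.getKeyManagers()[0];

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { logging(real) }, null, null); // null = default trust managers
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(a[0], Integer.parseInt(a[1]))) {
            s.setSoTimeout(10000); // fail with a timeout exception instead of stalling
            s.startHandshake();
            System.out.println("handshake OK, server = " + s.getSession().getPeerPrincipal());
            System.out.println("client certificate sent: " + (s.getSession().getLocalCertificates() != null));
        }
    }

    // Delegates to the real key manager, printing what the server asked for and what was selected.
    static X509KeyManager logging(final X509KeyManager km) {
        return new X509KeyManager() {
            public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
                System.out.println("server accepts key types: " + Arrays.toString(keyTypes));
                System.out.println("server accepts issuers:   " + Arrays.toString(issuers));
                String alias = km.chooseClientAlias(keyTypes, issuers, s);
                System.out.println("chosen alias: " + alias + (alias == null ? " (no match, no certificate is sent)" : ""));
                return alias;
            }
            public String chooseServerAlias(String t, Principal[] i, Socket s) { return km.chooseServerAlias(t, i, s); }
            public X509Certificate[] getCertificateChain(String alias) { return km.getCertificateChain(alias); }
            public String[] getClientAliases(String t, Principal[] i) { return km.getClientAliases(t, i); }
            public String[] getServerAliases(String t, Principal[] i) { return km.getServerAliases(t, i); }
            public PrivateKey getPrivateKey(String alias) { return km.getPrivateKey(alias); }
        };
    }
}
```

A null alias means no key entry in the keystore chains to an issuer the server accepts, so the client sends no certificate and the server decides what happens next. The full handshake trace of any JVM, including the one running Synapse, is available with the standard JSSE system property -Djavax.net.debug=ssl,handshake.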




