BTW, we use the Apache Axis to make a connection between our client and server.

On 2/23/06, Jihwan Kim <[EMAIL PROTECTED]> wrote:
>
> Thanks Bill,
>
> 1. My client doesn't throw an exception if the client and server's cert
> is identical and both are expired. If only one of them is expired, it throws
> exception. I want to detect the expired situation even if both sides are
> expired.
>
> 2. WebLogic detects expired cert. So, it means JSSE doesn't do this but
> does WebLogic have its own code to detect this?
>
> Thanks,
>
>
> On 2/22/06, Bill Barker <[EMAIL PROTECTED]> wrote:
> >
> >
> > "Jihwan Kim" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > >Hi,
> > >I have this in my server.xml
> > >    <Connector port="443"
> > >               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> > >               enableLookups="false" disableUploadTimeout="true"
> > >               acceptCount="100" debug="0" scheme="https" secure="true"
> > >               clientAuth="true" sslProtocol="TLS"
> > >               keystoreFile="c:/j2sdk1.4.2_09/jre/lib/security/cacerts"
> > >               keystorePass="XXXX" />
> > >
> > >cacerts is a self signed certificate.
> > >
> > >When the certificate is expired, I would like to detect it and send a
> > >proper message to a client side user.
> >
> > This happens deep within JSSE, before normally any of your or Tomcat's code
> > gets a chance to do anything.
> >
> > >So, 1. how can I detect the expired cert from a Java application client.
> >
> > Unless you configure your own TrustManager, the client will throw an
> > exception when you try to connect.
> >
> > > 2. Can I detect the expired cert during the Tomcat startup?
> >
> > Strangely, JSSE doesn't do this. Of course, there is nothing stopping your
> > app from reading the cert from the KeyStore and checking yourself ;-).
> >
> > >
> > >Thank you.
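The suggestion quoted above, reading the certificates from the KeyStore and checking their validity dates yourself, sketched as an added example that is not part of the original thread. It assumes Java 8 or later; the class name `KeystoreExpiryCheck`, the `KEYSTORE_PASS` environment variable, the 30-day warning window, and the fallback to the JRE `cacerts` file with the stock `changeit` password are all choices made for this illustration.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
public class KeystoreExpiryCheck { // hypothetical class name
    // One finding per certificate that is expired, not yet valid, or expiring within warnDays.
    static List<String> findProblems(KeyStore ks, Date now, int warnDays) throws Exception {
        List<String> findings = new ArrayList<>();
        Date warnAt = new Date(now.getTime() + warnDays * 86_400_000L);
        for (String alias : Collections.list(ks.aliases())) {
            // Key entries carry a chain; trusted-cert entries carry a single certificate.
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null) {
                Certificate c = ks.getCertificate(alias);
                chain = (c == null) ? new Certificate[0] : new Certificate[] { c };
            }
            for (Certificate c : chain) {
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                String who = alias + " [" + x.getSubjectX500Principal().getName() + "]";
                if (now.after(x.getNotAfter())) {
                    findings.add("EXPIRED " + who + " notAfter=" + x.getNotAfter());
                } else if (now.before(x.getNotBefore())) {
                    findings.add("NOT YET VALID " + who + " notBefore=" + x.getNotBefore());
                } else if (warnAt.after(x.getNotAfter())) {
                    findings.add("EXPIRING SOON " + who + " notAfter=" + x.getNotAfter());
                }
            }
        }
        return findings;
    }
    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JRE trust store and its stock password.
        String path = args.length > 0 ? args[0] : System.getProperty("java.home") + "/lib/security/cacerts";
        String envPass = System.getenv("KEYSTORE_PASS"); // hypothetical variable name
        char[] pass = (envPass != null ? envPass : "changeit").toCharArray();
        int warnDays = args.length > 1 ? Integer.parseInt(args[1]) : 30;
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        List<String> findings = findProblems(ks, new Date(), warnDays);
        findings.forEach(System.out::println);
        // Non-zero exit lets a startup script refuse to launch when a cert is outside its validity window.
        System.exit(findings.stream().anyMatch(f -> !f.startsWith("EXPIRING")) ? 1 : 0);
    }
}
```

Run against the file named in `keystoreFile` before Tomcat starts, this reports the expired certificate regardless of whether the peer's certificate is also expired, because it inspects the dates directly rather than relying on a handshake failure.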