Well "client certificate chain" may not be the best term to use. Any suggestions?
-Dumindu. On Feb 13, 2008 2:21 PM, Dumindu Pallewela <[EMAIL PROTECTED]> wrote: > Hi Senaka, > > Yes, that's why I said that he can directly use the server certificate :) > > However, in axis2 manual, what is referred to as the certificate chain > file has nothing to do with CA verification, but client > authentication. This is the file which has both the client certificate > and client private key. > > Regards, > Dumindu. > > > On Feb 13, 2008 2:08 PM, Senaka Fernando <[EMAIL PROTECTED]> wrote: > > Hi Dumindu, > > > > We've done some modifications to CA cert verification. There Vivi would > > not want to store the entire cert chain locally. > > > > Regards, > > Senaka > > > > > > > Hi Vivian, > > > > > >> > > >> (1) I looked at the manuals you refered to, it seems to me that I will > > >> need > > >> to re-compile the AXIS2/c to enable ssl. My question is this, is the > > >> downloaded binary from AXIS2/c side SSL enabled? > > > > > > No, you have to compile source with --enable-openssl option set. > > > > > >> > > >> (2) Now suppose I have an AXIS2/c based client, and an AXIS-j (v1.4) + > > >> TOMCAT based server component, will the HTTPS continue to work if I set > > >> up > > >> key chain file for the client and set up keystore file for the > > >> AXIS-J/TOMCAT > > >> based server? Did anyone ever test this senario? and how to test? > > > > > > Well, I haven't tested this particular scenario myself and I'm not > > > sure if someone else has tested it already either. But we have tested > > > our https transport againts other servers and there is no reason that > > > I can think of, why it would fail for TOMCAT. > > > > > > Of course you are welcome to test this scenario, I can help you with > > > setting up the axis2/c client, but I am not sure how TOMCAT should be > > > dealt with. However, if you can set up https for TOMCAT somehow, you > > > can check if it is working properly, by pointing your browser to the > > > end point url. > > > > > > Then the easiest way to configure AXIS2/C client is to provide the > > > same server certificate that you have used in TOMCAT server for the > > > SERVER_CERT parameter in axis2.xml. Note that there is no need for a > > > key-chain file or a pass-phrase if you do not want client > > > authentication. > > > > > > > > > HTH, > > > Dumindu. > > > > > > -- > > > Dumindu Pallewela > > > http://blog.dumindu.com > > > GPG ID: 0x9E131672 > > > > > > WSO2 | "Oxygenating the Web Service Platform" | http://wso2.com > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > > Dumindu Pallewela > http://blog.dumindu.com > GPG ID: 0x9E131672 > > WSO2 | "Oxygenating the Web Service Platform" | http://wso2.com > -- Dumindu Pallewela http://blog.dumindu.com GPG ID: 0x9E131672 WSO2 | "Oxygenating the Web Service Platform" | http://wso2.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
