Dmitry Goncharov wrote:
Hi,
Dumindu Pallewela wrote:
Anyway, if it is only for testing, what you can do is to follow the
Axis2/C manual and retrieve the server cert from the server. [1]
(refer to sec. 13.1.2 Configuration). Well you can do this even if it
was not for testing, but it is not recommended to do so.
Thanks,
Dumindu.
Why is this not recommended?
What the manual says is, get the certificate from the end point and set
it as CA certificate. In this case, you are excluding the trust
verification, or you are doing it manually, which is not recommended,
since any intruders can impersonate the service (e.g by /DNS Spoofing)/
and issue the certificate and thereby get your secret details.
Regards,
Shankar.
Thanks, Dmitry
--
S.Uthaiyashankar
Software Architect
WSO2 Inc.
http://wso2.com/ - "The Open Source SOA Company"
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
