Thanks Manjula. 1) Is password for the entire pfx file or is it one per certificate inside the pfx key-store? 2) Where do I specify the password for the pfx keystore? Is it in axis2.xml or through an API? 3) Is there an open-source tool for pfx key management? I can convert an individual certificate to pfx format using openssl. I am looking for a tool for storing multiple keys Thanks again, Regards, Raghu
________________________________ From: Manjula Peiris [mailto:[EMAIL PROTECTED] Sent: Fri 10/3/2008 11:52 PM To: Apache AXIS C User List Subject: RE: certificate file for communicating via https On Fri, 2008-10-03 at 12:14 -0400, Raghu Udupa wrote: > Thanks Manjula. I need a couple more clarifications, > > 1) If I store multiple certificates in a PFX file, how would > axis2c/rampart know which certificate to use? You need to provide the password in order to retrieve the certifcate. > > 1.1) Does it go by the domain name in the URI? If so, what is the > criteria? That is, if URI is > www.webservices.com/axis2/services/myservice, then, does it use the > domain www.webservices.com for retrieving the certificate. > > 1.2) Do I need to specify a password for each certificate? > 2) You mention providing .pfx file and password to Rampart/C. My > thinking was to specify PFX file in axis2.xml under SERVER_CERT. There > is no tag in axis2.xml for specifying password. Where do I specify the > password? Can I do it programmatically or through module.xml? The SEVER_CERT is for https clients. It has no relation to Rampart/C, where it is focused on Message level Security. > > 3) This is just a reconfirmation. In the client guide, it is mentioned > that I can specify a PEM file. As long as PEM file is one certificate > per PEM file, can I still use a PEM file. One PEM file should contain one certificate. > > Thanks, > Raghu > > -----Original Message----- > From: Manjula Peiris [mailto:[EMAIL PROTECTED] > Sent: Friday, September 19, 2008 5:35 AM > To: Apache AXIS C User List > Subject: Re: certificate file for communicating via https > > > On Thu, 2008-09-18 at 17:01 -0400, Raghu Udupa wrote: > > If a web services client wants to communicate with different servers, > > can certificates for different servers be specified in one PEM file. > > For curl, you can specify a single certificate file which can contain > > multiple certificates. I would like to know whether axis2c provides > > this feature. > > No you can't specify it in one PEM file. Rampart/C the Axis2/C security > project does not support that. But you can store all the certificates in > a pfx key store and provide Rampart/C with the .pfx file with the > password to retrieve the certificate from the key store. > > > > > > > > > > Thanks, > > > > Raghu > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
<<winmail.dat>>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]