Hi Nencho,
My opinion is that we should not un-set the values. Why? According to
the sec-policy spec, message security will always be provided at the
transport level as long as Transport binding is used. So as long as we
are switching on HTTPS, when Transport binding is in use, then things
should be fine. However Rampart user should be able to configure these
parameters. These are my thoughts :-).
Regards,
Dimuthu
On Tue, 2007-05-29 at 12:50 +0300, Nencho Lupanov wrote:
> Hi dimuthu,
>
> I've managed to run the Transportbinding sample by generating the
> keystore for the client,
> importing the server certificate and setting the properties above.Yes
> i think that can be automated in rampart but my question is:
> if we set those properties,when do we un-set them?
>
> Regards,
> Nencho
>
>
>
> 2007/5/16, Dimuthu <[EMAIL PROTECTED]>:
> Hi Nencho,
>
> Couple of hours ago I was looking at how to configure ssl in
> Axis2
> client side becuase of Rampart-42. I found this article [1].
> Basically
> if you have JSSE, set the following four parameters in the
> client side
> properly and things should work smoothly when you give the EPR
> correctly.
>
> System.setProperty("javax.net.ssl.keyStorePassword",
> "password");
> System.setProperty("javax.net.ssl.keyStoreType", "JKS");
> System.setProperty("javax.net.ssl.trustStore",
> "client-truststore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword ",
> "trustPass");
>
> I haven't tried it. But it should work.
>
> By the way regarding Rampart-42, we can automate the client
> side SSL
> configuration as much as possible in the Rampart when it comes
> to
> TransportBinding assertion, but serverside has to be handled
> manually.
> What do you think? I don't see a better solution.
>
> Cheers,
> Dimuthu
>
> [1]http://java.sun.com/products/jsse/INSTALL.html
>
>
> On Wed, 2007-05-16 at 13:33 +0300, Nencho Lupanov wrote:
> > Hi all,
> >
> > I am testing the TransportBinding assertion with
> UsernameToken.
> > Do I need some furthure configuration on tomcat in order to
> enable ssl?
> > I already configured ssl on port 9443.Is that enough?
> >
> > Does the enpoint needs to use this port?Do I only have to
> change the port at
> > the endpoint or something?
> >
> > Thanks,
> > Nencho
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
