Hi Nandana,

Thanks for your comments. I'm wondering whether we should import
certificates to the default Java trusted store
(jre/lib/security/cacertificates) or have a separate trusted key store
file for our application and import the certificate into it? Which one is the
better solution from a security point of view?

The other question is: how can we show the certificate to the user and then
import it programmatically, the same way web browsers do?

Thanks

Joe

On Mon, Mar 3, 2008 at 10:09 AM, Nandana Mihindukulasooriya <
[EMAIL PROTECTED]> wrote:

> Hi Nuria,
>       Yes, you need to set a system property on the client side to
> add that key store containing that cert as a trusted key store. This
> can be simply done using
>
>        System.setProperty("javax.net.ssl.trustStore", "path/to/keystore.jks");
>        System.setProperty("javax.net.ssl.trustStorePassword", "password");
>
> on the client side.
>
> thanks,
> nandana
>
> On Mon, Mar 3, 2008 at 8:14 PM, Nuria Rodríguez García
> <[EMAIL PROTECTED]> wrote:
> >
> > Hello:
> >
> > I'm using Axis2 and I need to use SSL to connect to a WS.
> >
> > On the server side I do the following:
> >
> > I configure the server.xml file in Tomcat. I have:
> >
> >     <Connector port="8443"
> >                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >                enableLookups="false" disableUploadTimeout="true"
> >                acceptCount="100" debug="0" scheme="https" secure="true"
> >                clientAuth="false" sslProtocol="TLS" />
> >
> > Then I generate a server certificate doing the following:
> >
> >     keytool -genkey -alias tomcat -keyalg RSA
> >
> >     keytool -export -alias tomcat -storepass changeit -file server.cer
> >
> >     keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -keypass changeit -storepass changeit
> >
> > I start up Tomcat and when I call the service using the EPR
> > "https://mymachine:8443/ ...." I receive the following exception:
> >
> >     I/O exception (org.apache.axis2.AxisFault) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >
> > I don't know if I need to indicate something from the client side.
> >
> > Thanks,
> >
> > Nuria
>
> http://nandana83.blogspot.com/
> http://nandanasm.wordpress.com/
>

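An added example, not part of the original thread and not Axis2 code: one way to keep an application-specific trust store instead of modifying cacerts, showing the certificate's details and SHA-256 fingerprint and importing it only after an explicit "yes". The class name, the file name `app-truststore.keystore` and the placeholder password are assumptions; `server.cer` and the alias `tomcat` come from the keytool commands quoted above.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
public class AppTrustStore {
    // SHA-256 fingerprint, colon-separated, for the user to compare out of band.
    static String fingerprint(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02X", b));
        return sb.toString();
    }
    // Open the application's own store, or start an empty one; cacerts is never touched.
    static KeyStore loadOrCreate(Path file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (Files.exists(file)) {
            try (InputStream in = Files.newInputStream(file)) { ks.load(in, password); }
        } else {
            ks.load(null, password);
        }
        return ks;
    }
    // Trust only the entries in ks, and only for connections made with this context.
    static SSLContext contextFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        Path store = Paths.get("app-truststore.keystore");   // assumed file name
        char[] password = "changeit".toCharArray();          // placeholder; load from configuration
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {   // e.g. server.cer
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Issuer:  " + cert.getIssuerX500Principal());
        System.out.println("SHA-256: " + fingerprint(cert));
        String answer = System.console() == null ? "" : System.console().readLine("Trust this certificate? [yes/no] ");
        if (!"yes".equals(answer)) return;                   // anything but an explicit yes refuses
        KeyStore ks = loadOrCreate(store, password);
        ks.setCertificateEntry("tomcat", cert);
        try (OutputStream out = Files.newOutputStream(store)) { ks.store(out, password); }
        SSLContext ctx = contextFor(ks);   // pass ctx.getSocketFactory() to the HTTPS client in use
    }
}
```

Unlike the `javax.net.ssl.trustStore` system property, the `SSLContext` built here applies only to connections that are given its socket factory, so the rest of the JVM keeps its default trust anchors.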