Hi all,

I'm experiencing some problems trying to connect to a WS using SSL with a
PKCS#11 Provider and a HSM (Hardware Security Module). The destination WS is
returning a message "HTTP 403.7 - Forbidden: Client certificate required".

When I try to connect to the same WS, but using a JKS KeyStore, the connection
and handshake are done without any problem.

Before I call the WS, I basically set the JCA system variables like this:

Using a JKS KeyStore:

props.setProperty("javax.net.ssl.keyStore", "C:/Certificados_TA/transpamericana.jks");
props.setProperty("javax.net.ssl.keyStorePassword", "xxxxx");
props.setProperty("javax.net.ssl.keyStoreType", "JKS");


Using HSM and PKCS #11:

props.setProperty("javax.net.ssl.keyStore", "NONE");
props.setProperty("javax.net.ssl.keyStorePassword", "xxxx");
props.setProperty("javax.net.ssl.keyStoreType", "PKCS11"); 

The certificate of the server I'm trying to connect to and its certificate
chain were imported into <JAVA_HOME>\jre\lib\security\cacerts.

Since I'm receiving the message "Client certificate required", I can
conclude that Axis for some reason cannot get the private key from inside
the HSM. Hence, I'd like to know what exactly Axis is trying to do to read
this private key. Is Axis trying to export the private key? If so, we've got
a problem because the key isn't exportable.

Any clue will be very helpful.

Thanks.

Fernando Cesar
developer / researcher

Phone:  +55 19 3794 1608
Mobile: +55 19 9839 9989
www.synchro.com.br
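
A diagnostic check for the setup described above, added here and not part of the original post: it loads the keystore named by the same javax.net.ssl.* properties and reports, per alias, whether a private-key entry with a certificate chain is visible and whether the key bytes are exportable. The class name KeyStoreProbe is hypothetical, and the code assumes a PKCS#11 provider is already configured in the JRE when the type is PKCS11.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical diagnostic class; run it with the same -Djavax.net.ssl.* values as the client.
public class KeyStoreProbe {
    public static void main(String[] args) throws Exception {
        String type = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        String path = System.getProperty("javax.net.ssl.keyStore", "NONE");
        char[] pin = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();

        // Assumption: for type PKCS11 a PKCS#11 provider is already configured in the JRE.
        KeyStore ks = KeyStore.getInstance(type);
        if ("NONE".equals(path)) {
            ks.load(null, pin);               // token-backed store: no file, password is the PIN
        } else {
            try (InputStream in = new FileInputStream(path)) {
                ks.load(in, pin);
            }
        }
        System.out.println("type=" + ks.getType() + " provider=" + ks.getProvider().getName());

        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate-only entry, cannot be used for client auth");
                continue;
            }
            Key key = ks.getKey(alias, pin);
            Certificate[] chain = ks.getCertificateChain(alias);
            boolean hasChain = chain != null && chain.length > 0;
            // getEncoded() == null means the key bytes never leave the store; signing
            // still works because the provider performs the operation on the token.
            boolean exportable = key != null && key.getEncoded() != null;
            System.out.println(alias + ": algorithm=" + (key == null ? "?" : key.getAlgorithm())
                    + " exportable=" + exportable + " chainLength=" + (hasChain ? chain.length : 0));
            if (hasChain && chain[0] instanceof X509Certificate) {
                X509Certificate leaf = (X509Certificate) chain[0];
                System.out.println("  subject=" + leaf.getSubjectX500Principal()
                        + " issuer=" + leaf.getIssuerX500Principal());
                usable++;
            }
        }
        System.out.println(usable + " key entr" + (usable == 1 ? "y" : "ies") + " with a certificate chain");
    }
}
```

Running the client itself with -Djavax.net.debug=ssl,handshake additionally shows whether a client certificate was sent in answer to the server's certificate request.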



