RE: Authenticate Webservice clients by https

[Alexey Krivitsky]

Title: Message

Stefan,

 

Thanks for the article provided.

So, according to what the author says, tomcat 4.0.1 does not support client based authentication, does it?

On which tomcat did you manage to establish this approach?

 

Thanks.

-----Original Message-----
From: Stefan Carlsson [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 10:31 AM
To: '[EMAIL PROTECTED]'
Subject: SV: Authenticate Webservice clients by https

 

Yes, you should have different keystores for server and client...

 

Perhaps this document may help you, even if it primarily describes

SSL with Axis... I used it and (after some tweeks) got everything work

with JWSDP... If you have any further questions I will try to assist...

 

Regards,

stefan

 

 

-----Ursprungligt meddelande-----
Fr�n: Alexey Krivitsky [mailto:[EMAIL PROTECTED]]
Skickat: den 6 december 2002 09:10
Till: [EMAIL PROTECTED]
�mne: Authenticate Webservice clients by https

Hello,

 

By default HTTPS makes authentication of webservers, which might be quite reasonable

for standard web applications. Since we are developing Webservices, we are interested in authentication of our clients (or both)

 

I have successfully made the client authenticate the server, but failed doing it vice versa or both.

I would be appreciated if anybody could assist me with that.

 

When running the sample, the socket connection is closed after the server sends HelloDone message?

 

Is anything missing in the config and client code below?

Should I have different keystorages for server and client?

 

I use tomcat-4.0.3 and axis-1.0

 

in server.xml of tomcat I've got the following:

    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443"
               minProcessors="5"
               maxProcessors="75"
               enableLookups="false"
               acceptCount="10"
               debug="9"
               scheme="https"
               secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="true"
               keystoreFile="D:\keys\.keystore"
               protocol="TLS"/>
    </Connector>

 

in my client code I've got this:

     System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");

   java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

 

   System.setProperty("javax.net.ssl.trustStore", "D:\\keys\\.keystore");
   System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

 

   System.setProperty("javax.net.ssl.keyStore", "D:\\keys\\.keystore");
   System.setProperty("javax.net.ssl.keyStorePassword", "changeit");

 

 

Thanks!