> -----Original Message-----
> From: Christer Holmér [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 17, 2002 7:35 AM
> To: [EMAIL PROTECTED]
> Subject: AW: Axis and SSL
> 
> 
> This works if you have JSSE installed (included in JDK 1.4). See
> documentation at http://java.sun.com/products/jsse/. 
> 
> In short, set the following System properties:
>       java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
>       javax.net.ssl.keyStore=<keystore_file>
>       javax.net.ssl.keyStoreType=JKS
>       javax.net.ssl.keyStorePassword=<keystore_password>
>       javax.net.ssl.trustStore=<truststore_file>
>       javax.net.ssl.trustStoreType=JKS
>       javax.net.ssl.trustStorePassword=<truststore_password>
> 
> Both the truststore and the keystore are Java Keystores, i.e. containers of
> keys and certificates. The truststore contains trusted certificates, i.e.
> trusted issuers of certificates (CA). The keystore contains your private key
> and the associated public key certificate. The keystore is only necessary if
> you are using client-authentication & SSL (which isn't so common).
> 

I've gotten past the original error but am still confused.  Please 
verify that when I include -Djavax.net.ssl.trustStore=<file> on 
the server command line it sets the system property 
javax.net.ssl.trustStore.  I'm new to Java, and this is One Of 
Those Things that's so obvious and basic it never appears anywhere.

There are now two different behaviors:

Server and Client on same system and I set the trustStore system
property:  Works, but Server prints warning messages about an
unauthenticated peer.  How can I make it stop doing that?  And
why does it care when I have clientAuth="false" in the relevant
Factory element in %CATALINA_HOME%\conf\server.xml?

(Server and Client on same system, and I DON'T set the trustStore
system property) OR (Server and Client on different systems).  I always get 
"javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException:
Couldn't find trusted certificate".

I'm missing something important here but can't see what.  Any guidance?

Michael D. Spence
Mockingbird Data Systems, Inc.