Ken - thanks very much - I will give it a try.
----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 2:28 PM Subject: Re: WSOverSSL > Can't help you with 1. > > 2. Convert a key and certificate generated using OpenSSL into > a format usable by JSSE/keytool: > > o export your private key and certificate to a PEM format. > If you use openSSL to generate them, they are probably in PEM format > o Convert them to pkcs12 format with this command: > openssl pkcs12 -export -in yourPEMfileGoesHere.pem -out > yourKeystoreFilenameGoesHere > > You now have a readable keystore ... but it is in pkcs12 format. I > wanted mine in JKS format. But first reassure yourself you have a > valid keystore by doing: > > keytool -list -keystore yourKeystoreFilenameGoesHere -storetype PKCS12 > > to convert to JKS format, I compiled and ran the attached > java program: > > > > java keymove yourKeystoreFilenameGoesHere pkcs12 theFinalKeystoreFilename > jks > > The only gotcha with keymove is that the destination keystore *MUST* exist > beforehand. > > I'm only documenting what worked for me; it does seem there must be a > quicker/simpler method. > > Let me know if you run into any snags. > > Ken. > > -- > Ken Kress [EMAIL PROTECTED] > SAS, The Bank of New York 484.605.4834 > > > > > "Milind Gadre" <[EMAIL PROTECTED]> > 08/11/2003 12:05 PM > Please respond to axis-user > > > To: <[EMAIL PROTECTED]> > cc: <[EMAIL PROTECTED]> > Subject: Re: WSOverSSL > > > > Ken (or anyone else), would you have any ideas on how I can > > 1. Use JSSE/keytool to generate a key and certificate for use by > the Apache Web Server running OpenSSL?? > > OR > > 2. Convert a key and certificate generated using OpenSSL into a > format usable by JSSE/keytool? > > This would allow me to run a Axis client against a Apache+Tomcat+Axis > server. Thanks in advance. > > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, August 11, 2003 8:52 AM > Subject: RE: WSOverSSL > > > > Sanjesh, > > > > It may take me a while (2-3 days) to integrate the two sets of > > instructions. If you have a specific question, I'd > > be happy to address it if I can. > > > > Ken. > > > > -- > > Ken Kress [EMAIL PROTECTED] > > SAS, The Bank of New York 484.605.4834 > > > > > > > > > > "Pathak, Sanjesh" <[EMAIL PROTECTED]> > > 08/06/2003 12:19 PM > > Please respond to axis-user > > > > > > To: <[EMAIL PROTECTED]> > > cc: > > Subject: RE: WSOverSSL > > > > > > Ken, > > > > In the meantine can you please send it to the user list. > > > > Thanks, > > Sanjesh > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 06, 2003 8:55 AM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: WSOverSSL > > > > > > The SOAP write up: > > > > http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html > > > > and Pakaj Kumar's page: > > > > http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html > > > > were both very helpful when I was trying to connect an Axis > > client to a remote (Websphere) server over SSL. > > > > Thank you. > > > > I did run into some problems not covered by the articles and > > was wondering whether you would consider some additions > > to your documents. > > > > Specifically, I had difficulty in two areas: > > > > o the client certificate I was trying to install was a Verisign > > certificate stored in the Windows OS. I had to export it as a > > .pfx file and then use openssl to convert it (several steps) > > to a pkcs12 keystore. Finally, I converted that keystore into > > a jks keystore. > > o The client had to set the keystore property as well as the > > truststore property. > > > > Also, because I was using Axis, the client program is slightly > > different. > > > > If you are interested, please let me know where I should send > > my write up and in what format you would prefer it: > > > > o stand-alone document (Word or txt) > > o diffs to your document > > o ??? > > > > Thanks, > > > > Ken. > > > > -- > > Ken Kress [EMAIL PROTECTED] > > SAS, The Bank of New York 484.605.4834 > > > > > _______________________________________________________________________ > _ > > The information in this e-mail, and any attachment therein, is > > confidential and for use by the addressee only. If you are not the > > intended recipient, please return the e-mail to the sender and delete > it > > from your computer. Although The Bank of New York attempts to sweep > e-mail > > and attachments for viruses, it does not guarantee that either are > > virus-free and accepts no liability for any damage sustained as a > result > > of viruses. > > > > > > > ********************************************************************** > > This e-mail is the property of Enron Corp. and/or its relevant > affiliate > > and may contain confidential and privileged material for the sole use > of > > the intended recipient (s). Any review, use, distribution or > disclosure by > > others is strictly prohibited. If you are not the intended recipient > (or > > authorized to receive for the recipient), please contact the sender > or > > reply to Enron Corp. at [EMAIL PROTECTED] and > > delete all copies of the message. This e-mail (and any attachments > hereto) > > are not intended to be an offer (or an acceptance) and do not create > or > > evidence a binding and enforceable contract between Enron Corp. (or > any of > > its affiliates) and the intended recipient or any other party, and > may not > > be relied on by anyone as the basis of a contract by estoppel or > > otherwise. Thank you. > > > ********************************************************************** > > > > > > > > > > > > > _______________________________________________________________________ > _ > > The information in this e-mail, and any attachment therein, is > confidential and for use by the addressee only. If you are not the > intended recipient, please return the e-mail to the sender and delete > it from your computer. Although The Bank of New York attempts to sweep > e-mail and attachments for viruses, it does not guarantee that either > are virus-free and accepts no liability for any damage sustained as a > result of viruses. > > > > > > > > > > _______________________________________________________________________ _ > The information in this e-mail, and any attachment therein, is confidential and for use by the addressee only. If you are not the intended recipient, please return the e-mail to the sender and delete it from your computer. Although The Bank of New York attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses.
