Haven't figured it out exactly, but with some combination of upgrading
to 1.2 beta, changing the client endpoint url to https:// vs. http://
(doh :O), and fixing a corrupted client keystore, it seems to be working
now.
--m
Michael Thompson wrote:
Ladies and Gentlemen,
I'm having a VERY tough time getting axis configured for SSL comm to
a Tomcat web server. I've followed several readmes, blogs, former
mail postings, but I can't seem to get it right. I'm using axis 1.1
and tomcat 4.1.30.
I'm doing this with self signed certs just to attempt to get this
running. Here are the steps I am following for 2 way SSL with axis:
create server certificate in serverKeys
create client certificate in clientKeys
export server certificate to server.cer
export client certificate to client.cer
import client.cer into serverTrust as a trusted cert.
import server.cer into clientTrust as a trusted cert.
setup 2 way ssl in tomcat:
<Connector
    className="org.apache.catalina.connector.http.HttpConnector"
    port="8443"
    minProcessors="5"
    maxProcessors="75"
    enableLookups="true"
    acceptCount="10"
    debug="0"
    scheme="https"
    secure="true">
  <Factory
      className="org.apache.catalina.net.SSLServerSocketFactory"
      clientAuth="true"
      protocol="TLS"
      keystoreFile="/path/to/server/keys/serverKeys"
      keystorePass="serverKeysPassword"/>
</Connector>
Fire up tomcat with:
JAVA_OPTS=-Djavax.net.ssl.trustStore=/path/to/server/trust/serverTrust
-Djavax.net.ssl.trustStorePassword=trustStorePassword
Fire up axis client pointing to tomcat server on port 8443 with
-Djavax.net.ssl.trustStore=/path/to/client/trust/clientTrust
-Djavax.net.ssl.trustStorePassword=clientTrustPassword
-Djavax.net.ssl.keyStore=/path/to/client/keys/clientKeys
-Djavax.net.ssl.keyStorePassword=clientKeysPassword
Seems good? Here is the exception I keep getting on the client side:
INFO | jvm 1 | 2004/05/28 14:44:48 | java.lang.NumberFormatException: For input string: ""
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:131)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.client.Call.invoke(Call.java:2553)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.client.Call.invoke(Call.java:2248)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.client.Call.invoke(Call.java:2171)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.client.Call.invoke(Call.java:1691)
...
INFO | jvm 1 | 2004/05/28 14:44:48 | Caused by: java.lang.NumberFormatException: For input string: ""
INFO | jvm 1 | 2004/05/28 14:44:48 | at java.lang.NumberFormatException.forInputString(Unknown Source)
INFO | jvm 1 | 2004/05/28 14:44:48 | at java.lang.Integer.parseInt(Unknown Source)
INFO | jvm 1 | 2004/05/28 14:44:48 | at java.lang.Integer.parseInt(Unknown Source)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.transport.http.HTTPSender.readHeadersFromSocket(HTTPSender.java:563)
INFO | jvm 1 | 2004/05/28 14:44:48 | at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:127)
INFO | jvm 1 | 2004/05/28 14:44:48 | ... 12 more
INFO | jvm 1 | 2004/05/28 14:44:48 | java.lang.NumberFormatException: For input string: ""
I know the server side ssl stuff is working, cause if I turn off the 2
way on the tomcat config, I can browse to https://localhost:8443 and
it will ask if I want to trust my server certificate and works fine
from then on. I get the same exception on the client side if I try
this one way only.
Thanks in advance!
--m
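
Among the things the reply credits are switching the client endpoint to https:// and fixing a corrupted client keystore. As an added example (not code from either poster or from Axis), the stand-alone Java check below verifies those two points and that the client stores hold the entries the listed steps should have produced. The class name SslPreflight and its single endpoint-URL argument are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.util.Collections;

// Added example: pre-flight check of a two-way SSL client configuration.
public class SslPreflight {
    static String prop(String name) {
        String v = System.getProperty(name);
        if (v == null) throw new IllegalStateException("missing -D" + name);
        return v;
    }
    // A corrupted store or a wrong password makes load() throw an IOException.
    static KeyStore load(String pathProp, String passProp) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(prop(pathProp))) {
            ks.load(in, prop(passProp).toCharArray());
        }
        return ks;
    }
    // Counts key entries (wantKeys) or trusted-certificate entries.
    static int count(KeyStore ks, boolean wantKeys) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (wantKeys ? ks.isKeyEntry(alias) : ks.isCertificateEntry(alias)) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: the endpoint URL given to the Axis client (an assumption of this example).
        if (args.length != 1) throw new IllegalArgumentException("usage: SslPreflight <endpoint-url>");
        URI endpoint = URI.create(args[0]);
        if (!"https".equalsIgnoreCase(endpoint.getScheme())) {
            throw new IllegalStateException("endpoint is not https: " + endpoint);
        }
        // The same -D properties the client is started with in the post.
        KeyStore keys = load("javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword");
        KeyStore trust = load("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword");
        if (count(keys, true) == 0) {
            throw new IllegalStateException("client keystore has no private key entry");
        }
        if (count(trust, false) == 0) {
            throw new IllegalStateException("client truststore has no trusted certificate entry");
        }
        System.out.println("https endpoint, keystore and truststore look consistent");
    }
}
```

Run it with the same four -D options as the client, passing the endpoint URL as the only argument.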