Hi All,

This is driving me insane....I have a java web-service based on Axis running under Websphere v4 and IBM HTTP Server (aka Apache).

I have configured SSL on the web server and this works fine. I now want to go one step further and configure the web-server for client certification based authentication. I have configured the web-server to require a client certificate and proven this to be working by querying my web-service via my browser, passing the appropriate certificate.

Now I want to code my java client application to do the same thing. I started out the same way, got the Axis client working under plain old SSL - No problem. But I cannot get the client to pass the certificate to the web-server. This means I keep getting 403 forbidden errors. To further prove this I can see "Client did not supply a certificate" in the web server error log.

I have read lots of posts around setting System properties to define keystores and passwords etc. but still cannot get it to work. Based on the 2 examples below I have come to the conclusion that the process of telling Axis where to look for the keystore is the problem, as I did a basic URL reader application that just uses java.net.URL to read the results of the web-service and that works fine.

Please help...I really don't have any clues left.

I'm using the IBM JSSE implementation, as trying to override that with the Sun JSSE within websphere is also near on impossible.

Thanks in advance,

WEBBO

Code snippets:

==== THIS WORKS =====

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.Security;

System.setProperty("javax.net.ssl.keyStore", "c:\\client-keys.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "mypassword");

System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol");
Security.addProvider(new com.ibm.jsse.JSSEProvider());

URL url = new URL("https://myserver.com/servlet/myService?method=test");
BufferedReader in = new BufferedReader(
        new InputStreamReader(url.openStream()));

String inputLine;

while ((inputLine = in.readLine()) != null)
    System.out.println(inputLine);

in.close();


==== THIS DOESN'T ====

import java.net.URL;
import java.security.Security;
import javax.xml.namespace.QName;
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;

String endpoint = "https://myserver.com/service/myService?method=test";

System.setProperty("javax.net.ssl.keyStore", "c:\\client-keys.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "mypassword");
System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol");
Security.addProvider(new com.ibm.jsse.JSSEProvider());

System.out.println("Creating my temp URL Object");
URL tURL = new URL(endpoint);
System.out.println("Done");

Service service = new Service();
Call call = (Call) service.createCall();

call.setTargetEndpointAddress(tURL);

QName qn = new QName("http://me.com", "myType");
call.registerTypeMapping(WebspherePlatform.class, qn,
        new org.apache.axis.encoding.ser.BeanSerializerFactory
          (WebspherePlatform.class, qn),
        new org.apache.axis.encoding.ser.BeanDeserializerFactory
          (WebspherePlatform.class, qn));
call.setOperationName("getMyDetails");

myType ty = (myType) call.invoke(new Object[] {});
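
Added example, not part of the original post: a stand-alone check that the keystore named by the same javax.net.ssl.keyStore properties holds a private-key entry that JSSE can offer as a client certificate. The class name ClientKeyStoreCheck is hypothetical, the defaults are the post's placeholder values, and it assumes the standard javax.net.ssl API of a current JDK rather than the IBM JSSE classes used above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Hypothetical helper class (added example, not code from the post).
public class ClientKeyStoreCheck {
    public static void main(String[] args) throws Exception {
        // Same properties the post sets; the defaults are the post's placeholder values.
        String path = System.getProperty("javax.net.ssl.keyStore", "c:\\client-keys.jks");
        char[] pass = System.getProperty("javax.net.ssl.keyStorePassword", "mypassword").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        // Only a private-key entry can be presented as a client certificate;
        // a trusted-certificate entry alone is never offered in the handshake.
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            System.out.println(alias + ": " + (isKey ? "private key entry" : "trusted cert entry"));
            if (isKey) keyEntries++;
        }
        if (keyEntries == 0) throw new IllegalStateException("no private key entry in " + path);

        // With the system properties, the key password is taken to be the store
        // password; init() throws UnrecoverableKeyException if they differ.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (!(km instanceof X509KeyManager)) continue;
            X509KeyManager xkm = (X509KeyManager) km;
            for (String keyType : new String[] {"RSA", "DSA", "EC"}) {
                String[] aliases = xkm.getClientAliases(keyType, null); // null = any issuer
                if (aliases == null) continue;
                for (String a : aliases) {
                    // Compare the issuer with the CA the web server is configured to trust.
                    X509Certificate leaf = xkm.getCertificateChain(a)[0];
                    System.out.println(keyType + " client cert: " + leaf.getSubjectX500Principal()
                            + ", issuer " + leaf.getIssuerX500Principal()
                            + ", expires " + leaf.getNotAfter());
                }
            }
        }
    }
}
```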
