Very valueable info indeed - should this just be slapped up on the WS-FX
wiki until something more polished is available???
This will save lots of ppl headaches i'm sure :)
Elliot
Dittmann, Werner wrote:
Thilo,
that would be appreciated by everyone using WSS4J. We
never really digged into the topic of certificate
management etc.
REgards,
Werner
-----Ursprüngliche Nachricht-----
Von: Thilo Frotscher [mailto:[EMAIL PROTECTED]
Gesendet: Donnerstag, 25. August 2005 19:57
An: [email protected]
Betreff: Thanks, guys!
Hi everybody,
I'd like to send many thanks to all developers of WSS4J
and to all other guys contributing to this mailing list
who helped us solving our interop problems with WSE.
Working together with a very smart .NET expert we
eventually managed to make our sample application work.
It turned out that WSS4J works GREAT - once you found
out *how* you have to configure both sides to make
interop work. Apart from software or configuration
issues, it turned out that certificates are a
particular reason for severe headaches. Most
tutorials or examples you can find online use
certificates that were somehow provided by somebody.
However, if you want to use your own certificates,
it takes quite a long time to figure out what
criteria these certificates have to meet to work
with both WSE and WSS4J. Two of the most important
prerequisites: use X509v3 certificates (not v1)
that contain a SKI (Subject Key Identifier) and
don't use keytool to create your certificates.
Use openSSL instead.
Once I find some spare time, I'll write down some
kind of step-by-step tutorial on how to create
interoperable apps with WSS4J and WSE and publish
it.
Thanks again!
Thilo
