Hi Nate,

Please see my comments below.

On Fri, 2008-04-11 at 16:39 -0700, Nate Roe wrote:
> I've secured a service using Rampart, and now I'm considering how to
> implement the certificate issuance portion.
>
> To get the service running, I followed Ruchith Fernando's tutorial:
> http://wso2.org/library/174
>
> Is it necessary to modify the service's keystore to add new client
> certificates? Is it possible to store the service's copy of the client's
> public keys in a database or in separate files in the filesystem?

The easiest way to do this would be to ask the client to always include the certificate in the request message. If we want to store a certificate, we usually store it in the KeyStore, so that Rampart can easily pick it up from the KeyStore.

> Why does my password callback class need to supply the client's certificate
> password? It's just supposed to be the client's public key, right? So, why
> the password?

Even though we have a single password callback class in the Rampart samples, in a real-world scenario there should be two password callback classes - one for the server and one for the client. On the server side, the password callback class does not need to supply the client's password.

Thank you,
Dimuthu

> Thanks,
> Nate Roe
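A server-side password callback class of the kind described in the reply above, as an added example that is not part of the original message or the Rampart samples. The alias `service` and the environment variable `SERVICE_KEY_PASSWORD` are assumptions; the handler answers only for the service's own private key and never holds a client password.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Server-side handler: supplies the password for the service's private key only.
public class ServicePWCBHandler implements CallbackHandler {

    // Assumed alias of the service's private key entry in the service keystore.
    private static final String SERVICE_ALIAS = "service";
    // Hypothetical environment variable holding the key password (not hardcoded).
    private static final String PASSWORD_ENV = "SERVICE_KEY_PASSWORD";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;

            // A private key password is needed only to decrypt incoming
            // messages or to sign outgoing ones.
            int usage = pwcb.getUsage();
            boolean needsPrivateKey = usage == WSPasswordCallback.DECRYPT
                    || usage == WSPasswordCallback.SIGNATURE;

            // getIdentifer() is the WSS4J 1.5.x spelling; 1.6+ uses getIdentifier().
            // Any alias other than the service's own (for example a client's) is refused.
            if (!needsPrivateKey || !SERVICE_ALIAS.equals(pwcb.getIdentifer())) {
                throw new UnsupportedCallbackException(cb,
                        "No password available for this alias or usage");
            }

            String password = System.getenv(PASSWORD_ENV);
            if (password == null) {
                throw new IOException(PASSWORD_ENV + " is not set");
            }
            pwcb.setPassword(password);
        }
    }
}
```

Client certificates stored in the service keystore are public-key entries and need no entry in this handler; the client uses its own, separate handler for its private key password.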
