RE: certificate file for communicating via https

2008-10-03 Thread Raghu Udupa
Thanks Manjula. I need a couple more clarifications,

1) If I store multiple certificates in a PFX file, how would
axis2c/rampart know which certificate to use?

1.1) Does it go by the domain name in the URI? If so, what are the
criteria? That is, if the URI is
www.webservices.com/axis2/services/myservice, then does it use the
domain www.webservices.com for retrieving the certificate?

1.2) Do I need to specify a password for each certificate?

2) You mention providing .pfx file and password to Rampart/C. My
thinking was to specify PFX file in axis2.xml under SERVER_CERT. There
is no tag in axis2.xml for specifying password. Where do I specify the
password? Can I do it programmatically or through module.xml? 

3) This is just a reconfirmation. In the client guide, it is mentioned
that I can specify a PEM file. As long as there is one certificate
per PEM file, can I still use a PEM file?

Thanks,
Raghu

-----Original Message-----
From: Manjula Peiris [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 19, 2008 5:35 AM
To: Apache AXIS C User List
Subject: Re: certificate file for communicating via https


On Thu, 2008-09-18 at 17:01 -0400, Raghu Udupa wrote:
> If a web services client wants to communicate with different servers,
> can certificates for different servers be specified in one PEM file?
> For curl, you can specify a single certificate file which can contain
> multiple certificates. I would like to know whether axis2c provides
> this feature.

No, you can't specify it in one PEM file. Rampart/C, the Axis2/C security
project, does not support that. But you can store all the certificates in
a pfx key store and provide Rampart/C with the .pfx file with the
password to retrieve the certificate from the key store.


 
  
 
> Thanks,
> Raghu


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






RE: certificate file for communicating via https

2008-10-03 Thread Manjula Peiris

On Fri, 2008-10-03 at 12:14 -0400, Raghu Udupa wrote:
> Thanks Manjula. I need a couple more clarifications,
>
> 1) If I store multiple certificates in a PFX file, how would
> axis2c/rampart know which certificate to use?

You need to provide the password in order to retrieve the certificate.

 
> 1.1) Does it go by the domain name in the URI? If so, what are the
> criteria? That is, if the URI is
> www.webservices.com/axis2/services/myservice, then does it use the
> domain www.webservices.com for retrieving the certificate?
>
> 1.2) Do I need to specify a password for each certificate?
>
> 2) You mention providing .pfx file and password to Rampart/C. My
> thinking was to specify PFX file in axis2.xml under SERVER_CERT. There
> is no tag in axis2.xml for specifying password. Where do I specify the
> password? Can I do it programmatically or through module.xml?

The SERVER_CERT is for https clients. It has no relation to Rampart/C,
which is focused on message-level security.

 
> 3) This is just a reconfirmation. In the client guide, it is mentioned
> that I can specify a PEM file. As long as there is one certificate
> per PEM file, can I still use a PEM file?

One PEM file should contain one certificate.

 
> Thanks,
> Raghu
 
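An added example, not part of the original thread or the Axis2/C project: a pre-flight check for the one-certificate-per-PEM rule stated in the reply above, which counts the certificate blocks in a file's text and splits a bundle into single-certificate PEM texts. The function names and the sample bundle are constructed for illustration; the sample blocks hold placeholder bytes, not real X.509 certificates.

```python
import base64
import hashlib
import re

# Matches one PEM-armoured certificate block and captures its base64 body.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def split_pem_bundle(text):
    """Return [(sha256_hex_of_DER, single_cert_pem), ...] for every block found."""
    certs = []
    for match in PEM_CERT.finditer(text):
        body = "".join(match.group(1).split())        # drop line breaks
        der = base64.b64decode(body, validate=True)   # raises on corrupt armour
        lines = [body[i:i + 64] for i in range(0, len(body), 64)]
        pem = ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
               + "\n-----END CERTIFICATE-----\n")
        certs.append((hashlib.sha256(der).hexdigest(), pem))
    return certs


def check_single_cert(text):
    """True only if the text holds exactly one certificate block."""
    return len(split_pem_bundle(text)) == 1


def _fake_cert(payload):
    # Constructed placeholder: base64 of arbitrary bytes, NOT a real certificate.
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"


# Constructed sample: a curl-style bundle with two blocks in one file.
SAMPLE_BUNDLE = (_fake_cert(b"constructed server A" * 5)
                 + _fake_cert(b"constructed server B" * 5))

if __name__ == "__main__":
    print("bundle is a single-cert file?", check_single_cert(SAMPLE_BUNDLE))
    for fingerprint, pem in split_pem_bundle(SAMPLE_BUNDLE):
        # A real run would write each `pem` to its own file, one per server.
        print(fingerprint[:16], "single-cert:", check_single_cert(pem))
```
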