On Fri, 2008-10-03 at 12:14 -0400, Raghu Udupa wrote:
Thanks Manjula. I need a couple more clarifications,
1) If I store multiple certificates in a PFX file, how would
axis2c/rampart know which certificate to use?
You need to provide the password in order to retrieve the certifcate.
1.1) Does it go by the domain name in the URI? If so, what is the
criteria? That is, if URI is
www.webservices.com/axis2/services/myservice, then, does it use the
domain www.webservices.com for retrieving the certificate.
1.2) Do I need to specify a password for each certificate?
2) You mention providing .pfx file and password to Rampart/C. My
thinking was to specify PFX file in axis2.xml under SERVER_CERT. There
is no tag in axis2.xml for specifying password. Where do I specify the
password? Can I do it programmatically or through module.xml?
The SEVER_CERT is for https clients. It has no relation to Rampart/C,
where it is focused on Message level Security.
3) This is just a reconfirmation. In the client guide, it is mentioned
that I can specify a PEM file. As long as PEM file is one certificate
per PEM file, can I still use a PEM file.
One PEM file should contain one certificate.
Thanks,
Raghu
-Original Message-
From: Manjula Peiris [mailto:[EMAIL PROTECTED]
Sent: Friday, September 19, 2008 5:35 AM
To: Apache AXIS C User List
Subject: Re: certificate file for communicating via https
On Thu, 2008-09-18 at 17:01 -0400, Raghu Udupa wrote:
If a web services client wants to communicate with different servers,
can certificates for different servers be specified in one PEM file.
For curl, you can specify a single certificate file which can contain
multiple certificates. I would like to know whether axis2c provides
this feature.
No you can't specify it in one PEM file. Rampart/C the Axis2/C security
project does not support that. But you can store all the certificates in
a pfx key store and provide Rampart/C with the .pfx file with the
password to retrieve the certificate from the key store.
Thanks,
Raghu
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]