SSL, Mutual or Client Authentication
Hi All,

I am very new to Axis, I just installed it yesterday. I am trying to use Axis over an HTTPS connection. I want to be able to use SSL with mutual authentication before Axis2 even receives the request. I am running Axis2 on Tomcat.

I was wondering if I should let Tomcat handle the SSL part or if Axis2 has its own features? Can Tomcat do mutual authentication, i.e. authenticating the client? If not, can Axis2 do mutual authentication for SSL?

Here are 2 routes I have considered and my questions regarding both possibilities:

1. Configuring SSL with Tomcat:

- I have discovered that I can define a connector with Tomcat under the $CATALINA_HOME/conf/server.xml

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

- How do I specify Tomcat to only use the secure connector and not the non-SSL connector when talking to Axis2?

2. Configuring Axis2 to handle SSL connections:

- Can Axis2 do this? If so, can it deal with mutual authentication?

Thank you in advance,
Piragash
Re: SSL, Mutual or Client Authentication
If you want mutual authentication between client and server, you first need a certificate for the client and the server. To get them you can try using openssl.

Second, you need to configure SSL with Tomcat in the way you have explained and delete or comment out from the server.xml the connector port="8080". In this way Tomcat will be listening on the secure port 8443.

- Original Message -
From: VELUMMYLUM Piragash
To: axis-user@ws.apache.org
Sent: Thursday, October 19, 2006 5:28 PM
Subject: SSL, Mutual or Client Authentication
RE: SSL, Mutual or Client Authentication
I do need port 8080 (non-SSL) open with Tomcat for other webapps that I am running. However I would like it to only use port 8443 (SSL) to communicate with Axis2.

From: Jesús Daniel Blázquez Carazo [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 19, 2006 12:02 PM
To: axis-user@ws.apache.org
Subject: Re: SSL, Mutual or Client Authentication
RE: SSL, Mutual or Client Authentication
Add this to web.xml of Axis2:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

Sanjesh
Real-Time Web Service Monitoring for Axis, Axis2 and Synapse
SoapKnox Inc
http://www.soapknox.com
Ph: 832 279 3745

From: VELUMMYLUM Piragash [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 19, 2006 11:13 AM
To: axis-user@ws.apache.org
Subject: RE: SSL, Mutual or Client Authentication
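Added example, not written by any participant in this thread: one way to combine the connector from the first message with the web.xml constraint from the last reply so that port 8080 stays open for other webapps while Axis2 is reachable only over SSL with a client certificate. It uses the legacy JSSE connector attributes of the Tomcat generation discussed here; keystore paths, passwords and the role name axis2-client are placeholders and assumptions.

```xml
<!-- File 1: $CATALINA_HOME/conf/server.xml -->

<!-- Non-SSL connector stays for the other webapps. redirectPort tells Tomcat
     where to send requests that hit a CONFIDENTIAL constraint over HTTP. -->
<Connector port="8080" redirectPort="8443" />

<!-- SSL connector from the thread plus key and trust material.
     keystoreFile holds the server key and certificate; truststoreFile holds
     the CA certificate(s) that issued the client certificates.
     clientAuth="false": no certificate is demanded for the whole port; Tomcat
       asks for one only on resources protected by CLIENT-CERT (file 2).
     clientAuth="true":  every connection to 8443 must present a certificate
       that chains to the truststore, for all webapps on this connector. -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/server-keystore.jks"
           keystorePass="CHANGE_ME"
           truststoreFile="/path/to/client-ca-truststore.jks"
           truststorePass="CHANGE_ME" />

<!-- File 2: WEB-INF/web.xml of the Axis2 webapp -->

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <!-- Placeholder role: the configured Realm must contain a user whose name
       is the client certificate's subject DN and who holds this role. -->
  <auth-constraint>
    <role-name>axis2-client</role-name>
  </auth-constraint>
  <!-- Plain-HTTP requests to Axis2 are redirected to redirectPort. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
  <role-name>axis2-client</role-name>
</security-role>
```

The CONFIDENTIAL constraint alone, as posted in the thread, enforces encryption but does not authenticate the client; the CLIENT-CERT login-config and auth-constraint are what add the client side of mutual authentication for this one webapp.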