On the client site, you have to import your server's certificate into your client's keystore, since by default the java client authenticates the server.
On the server side, you can either enable or disable authenticating the client by changing the clientAuth flag. For your last question: I guess what heppens (I am not a developer of SSL or TSL) is: Whenever you use the https in your GET URL or POST FORM, the client and server are communicating through a SSL/TLS protocol. In this protocol, the client and server first go through a handshake process (exchange keys, certificates, algorithms etc). Then they communicate with encrypted data. So your first client request data should be encrypted already. (If the handshake process fails, the data should not be transmitted at all). J. -----Original Message----- From: Bernd Wolfsegger [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 29, 2002 11:24 AM To: [EMAIL PROTECTED] Subject: Re: SOAP with SSL and Apache Webserver Thanx for your answer. I thought something like that. I assume its the same with client certificates? I have to configure the Apache Webserver for client certificates and put these certificates at the appropiate places on the webserver? (My client is Java) Sombody an answer for my 'silly' question ? When making the first call to an URL using https, is the data transmitted to the server allready encrypted? Or is the data only encrypted when the call has been made form a page that itself has been called with https? Am Mittwoch, 29. Mai 2002 17:59 schrieben Sie: > If your client is Java, then you can import the server certificates into > your client "cacerts" keystore using the "keytool" program, which is > provided in the JRE. > > > > > > -----Original Message----- > From: Bernd Wolfsegger [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 29, 2002 11:54 AM > To: [EMAIL PROTECTED] > Subject: SOAP with SSL and Apache Webserver > > > Hallo, > > i want to use the Apache Webserver for SOAP connections. > The Apache Webserver is configured for serverside SSL and > routing the requests to tomcat (Tomcat 4.03 / Warp). > 'Normal' SSL, calling the SOAP admintool in a browser, is working. > But what about the client certificates? > Is the clientcode the same as in the SOAP Documentation about SSL with > tomcat only? > Does anyone know sources where i can get information about this? > > One perhaps silly last question :-) > When making the first call to an URL using https, is the data transmitted > allready encrypted? > > Thanx, Bernd Wolfsegger -- | bernd wolfsegger, dipl.-ing. | entwicklung, programmierung, netzwerkadministration | Sun Certified Programmer for Java(TM) 2 Platform | [EMAIL PROTECTED] | interactive tools gmbh | agentur f�r digitale medien | schoenhauser allee 36 d-10435 berlin | fon +49(0) 30.72 62 77 - 900 | fax +49(0) 30.72 62 77 - 901 | http://www.interactive-tools.de/ let your soul be your pilot
