Thanx a lot! I think with these hints in my mind i can get it! Am Mittwoch, 29. Mai 2002 20:42 schrieben Sie: > On the client site, you have to import your server's certificate into your > client's keystore, since by default the java client authenticates the > server. > > On the server side, you can either enable or disable authenticating the > client > by changing the clientAuth flag. > > For your last question: I guess what heppens (I am not a developer of SSL > or TSL) is: > Whenever you use the https in your GET URL or POST FORM, the client and > server > are communicating through a SSL/TLS protocol. In this protocol, the client > and server first > go through a handshake process (exchange keys, certificates, algorithms > etc). Then they > communicate with encrypted data. So your first client request data should > be encrypted already. > (If the handshake process fails, the data should not be transmitted at > all).
That sounds healthy :-) I just wondered, because on most sites you can not login from the http page. You first have to load a https page with the login. Though the reason for that maybe another one. > J. > > -----Original Message----- > From: Bernd Wolfsegger [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 29, 2002 11:24 AM > To: [EMAIL PROTECTED] > Subject: Re: SOAP with SSL and Apache Webserver > > > Thanx for your answer. > I thought something like that. > I assume its the same with client certificates? > I have to configure the Apache Webserver for client certificates and put > these certificates at the appropiate places on the webserver? > (My client is Java) > > Sombody an answer for my 'silly' question ? > When making the first call to an URL using https, is the data transmitted > to > > the server allready encrypted? > Or is the data only encrypted when the call has been made form a page that > itself has been called with https? > > Am Mittwoch, 29. Mai 2002 17:59 schrieben Sie: > > If your client is Java, then you can import the server certificates into > > your client "cacerts" keystore using the "keytool" program, which is > > provided in the JRE. > > > > > > > > > > > > -----Original Message----- > > From: Bernd Wolfsegger [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, May 29, 2002 11:54 AM > > To: [EMAIL PROTECTED] > > Subject: SOAP with SSL and Apache Webserver > > > > > > Hallo, > > > > i want to use the Apache Webserver for SOAP connections. > > The Apache Webserver is configured for serverside SSL and > > routing the requests to tomcat (Tomcat 4.03 / Warp). > > 'Normal' SSL, calling the SOAP admintool in a browser, is working. > > But what about the client certificates? > > Is the clientcode the same as in the SOAP Documentation about SSL with > > tomcat only? > > Does anyone know sources where i can get information about this? > > > > One perhaps silly last question :-) > > When making the first call to an URL using https, is the data transmitted > > allready encrypted? > > > > Thanx, Bernd Wolfsegger -- | bernd wolfsegger, dipl.-ing. | entwicklung, programmierung, netzwerkadministration | Sun Certified Programmer for Java(TM) 2 Platform | [EMAIL PROTECTED] | interactive tools gmbh | agentur f�r digitale medien | schoenhauser allee 36 d-10435 berlin | fon +49(0) 30.72 62 77 - 900 | fax +49(0) 30.72 62 77 - 901 | http://www.interactive-tools.de/ let your soul be your pilot
