Re: Outbound HTTPS with Client Certificate

[Asankha C. Perera]

Hi Griffin If you are using the latest nhttp transport with 0.91 of Synapse, you will need to configure your axis2.xml to specify the https properties as shown here -> http://svn.apache.org/viewvc/webservices/synapse/trunk/java/repository/conf/axis2.xml?view=markup i.e. for outgoing https: <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender"> <parameter name="non-blocking" locked="false">true</parameter> <parameter name="keystore" locked="false"> <KeyStore> <Location>keystore.jks</Location> <Type>JKS</Type> <Password>password</Password> <KeyPassword>password</KeyPassword> </KeyStore> </parameter> <parameter name="truststore" locked="false"> <TrustStore> <Location>keystore.jks</Location> <Type>JKS</Type> <Password>password</Password> </TrustStore> </parameter> </transportSender> The keystore is expected to contain a single certificate for your identity and the trust store - the usual. Once this is setup, you should be able to talk https endpoints. Make sure to import the CA certs or the certs of the endpoints into your trust store. Now, once a Synapse configuration attempts to send a message to a https://.... endpoint, the https transport configuration above would be used. asankha Michael Griffin wrote: asankha, Thank you. I'll give it a try. Are there any specific samples / code that I should reference when I set this up. Let me know. Thanks, Griffin -----Original Message----- From: Asankha C. Perera [mailto:[EMAIL PROTECTED]] Sent: Monday, March 05, 2007 1:37 PM To: synapse-user@ws.apache.org Subject: Re: Outbound HTTPS with Client Certificate Hi Griffin Yes, this should be ready with the NIO transport enhancements we did for HTTPS already. We do set the trust and identity stores for the TransportSender with these enhancements. However we do not yet do host-name verification, and this area needs some more testing. If you would like to try this out with the new transport enhancements and 0.91 code, I would suggest that you take a svn checkout of the trunk, and perform a build using "mvn clean install" and drop the nhttp.jar that gets built into your existing 0.91 installations' lib directory. Right now we are doing some changes and cleanup on the trunk, so I do not want you to try the latest trunk until we have stabilized and completed the changes Let me know if you need any more help on this asankha Michael Griffin wrote: Does Synapse support using HTTPS with Client Certificates as an outbound transport? I would like to use Synapse to act as a gateway between my internal applications and an third-party hosted web service requiring HTTPS and client certificates. Any help or direction would be great. Thanks, Griffin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]