On 10/14/13 7:47 AM, Dennis Sosnoski wrote:
On 10/15/2013 12:24 AM, Dennis Sosnoski wrote:
...That still leaves you distributing server certificates to clients, but you can always embed these in the policy and have the client load that from a secure source (note that I haven't tried this with CXF, but AFAIK it should work).

Sorry, I don't think there is any way of doing this. When I wrote the original response I thought I'd seen it somewhere, but after looking over the WS-SecurityPolicy specifications I think I was wrong. Too bad - it would be great to have a way to avoid distributing server certificates to clients.

Darn, darn, darn. So even if I were to try to use WS-SecureConversation, I'm still stuck with getting a server cert to the client's trust store? That is, there is at least one response in the WS-SecureConversation workflow which will be signed by the private key of the server, necessitating the inclusion of the public key cert of the server in the client's truststore?

Susan
