I've got "Signature Encrypt" set up both ways on client/server. Keys, certs and keystores are also sorted out (see the attached file on how I went about it). Everything seems to be working, but when using the Axis SOAP Monitor app I can see the ws-sec headers in the outgoing request message, while the response from the server only shows the SOAP header & body *without* the ws-sec stuff.
Yet my client is reporting that all is working, e.g.:
- Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
- Verification successful for URI "#id-15140795"
The server WSDD has got the:
<handler name="soapmonitor" type="java:org.apache.axis.handlers.SOAPMonitorHandler"/>
in the global config area and also in the request and response flow areas:
<handler type="soapmonitor"/>
I mean, both server and client are telling me that all is fine, but unless I can see the server's response with the signature and encrypted elements, I can't say it is. What am I doing wrong...?
Thanks in advance.
Ash
PS. The server is running on JBoss 3.2.5 (Axis war file) and the client is running as a Java app from Eclipse.
This File Created: 11/10/2005
This File Last updated: 11/10/2005

OpenSSL & other commands for version 3 X509 certs, self-certification, private keys, keystores conversion etc.

Tools:
KeyTool GUI 1.6 (2003 Wayne Grant, GPL) - now superseded by KeyTool Explorer - http://www.lazgosoftware.com/kse/
OpenSSL for windows (still command line) version 0.9.8 (05 Jul 2005) http://www.slproweb.com/products/Win32OpenSSL.html

1. generate triple des rsa keypair (512 bits)
   openssl genrsa -des3 -out ws-server.key 512

2. self-sign & export x509 cert (md5 algo, 365 validity)
   openssl req -new -x509 -days 365 -md5 -key ws-server.key -out ws-server.crt
   (blank for all attributes except for CN)

**********************************************
*** Do the same as above for the client(s) ***
**********************************************

3. convert from PEM format and add to PKCS#12 keystore:
   openssl pkcs12 -export -out ws-server.pfx -inkey ws-server.key -in ws-server.crt

**********************************************
*** Do the same as above for the client(s) ***
**********************************************

--------------------------------------------------------------------
4. load pkcs12 files into KeyTool and import server's public cert in to the clients' keystore - AND VICE VERSA

5. Convert to JKS format (change Keystore type) and set the keypair password
   (note: there's a password for the keystore and password for the keys/certs. password for key/cert should be in PasswordCallback class and password for keystore should be in crypto.props file)
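One way to check a captured response for the signature and encrypted elements the post asks about, as an added example that is not part of the original message or of Axis/WSS4J. It assumes SOAP 1.1 and the OASIS WSS 1.0 (2004) namespaces; `inspect_envelope` is a hypothetical helper, and both sample messages are constructed (only the id value is taken from the client log above).

```python
import xml.etree.ElementTree as ET

# Namespaces assumed: SOAP 1.1 and the OASIS WSS 1.0 (2004) schemas.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def inspect_envelope(xml_text):
    """Report which WS-Security elements a captured SOAP message carries."""
    root = ET.fromstring(xml_text)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    # Every wsu:Id / Id value in the message, so signature references can be resolved.
    ids = {e.get(WSU_ID) or e.get("Id") for e in root.iter()} - {None}
    refs = [] if sec is None else [
        r.get("URI", "")
        for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    return {
        "security_header": sec is not None,
        "signature": sec is not None and sec.find("ds:Signature", NS) is not None,
        "encrypted_key": sec is not None and sec.find("xenc:EncryptedKey", NS) is not None,
        "body_encrypted": body is not None and body.find("xenc:EncryptedData", NS) is not None,
        # Same-document references ("#id") that point at no element in the message.
        "dangling_refs": [u for u in refs if u.startswith("#") and u[1:] not in ids],
    }


# Constructed sample messages (element content omitted for brevity).
_HDR = ('<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" '
        'xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s" xmlns:xenc="%(xenc)s">' % NS)
SECURED = _HDR + (
    '<soap:Header><wsse:Security><xenc:EncryptedKey/>'
    '<ds:Signature><ds:SignedInfo><ds:Reference URI="#id-15140795"/>'
    '</ds:SignedInfo></ds:Signature></wsse:Security></soap:Header>'
    '<soap:Body wsu:Id="id-15140795"><xenc:EncryptedData/></soap:Body>'
    '</soap:Envelope>')
PLAIN = _HDR + '<soap:Header/><soap:Body><echoResponse/></soap:Body></soap:Envelope>'

if __name__ == "__main__":
    for name, msg in (("secured", SECURED), ("plain", PLAIN)):
        print(name, inspect_envelope(msg))
```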
