Posted to c-user@axis.apache.org by Andy Karseras <ak...@gmail.com> on 2008/07/03 20:39:42 UTC

SSL Client Authentication Failure

Hi,

I am having trouble using an SSL Client with AXIS2C - basically,
authentication appears to fail.

I executed the following to obtain the server certificate...

echo |\
openssl s_client -connect localhost:7547 2>&1 |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem

..and got the following:-


My axis2.xml contents are...

<parameter name="SERVER_CERT">/etc/nortel/apps/oam/configurationServer/security/cert.pem</parameter>
<!--parameter name="KEY_FILE">/path/to/client/certificate/chain/file</parameter-->
<!--parameter name="SSL_PASSPHRASE">passphrase</parameter-->


The relevant logs as follows:-

[Thu Jul  3 13:12:57 2008] [debug] http_transport_sender.c(246) ctx_epr:
https://localhost:7547/services/ConfigurationServer
[Thu Jul  3 13:12:57 2008] [debug] http_transport_sender.c(768) using axis2
native http sender.
[Thu Jul  3 13:12:57 2008] [debug] http_sender.c(415)
msg_ctx_id:484e90ce-4923-1dd1-20df-00145eecc23a
[Thu Jul  3 13:12:57 2008] [info]  [ssl client] Client certificate chain
filenot specified
[Thu Jul  3 13:12:57 2008] [debug] ssl/ssl_utils.c(190) [ssl client] SSL
certificate verified against peer
[Thu Jul  3 13:12:57 2008] [info]  [ssl client] Client certificate chain
filenot specified
[Thu Jul  3 13:12:57 2008] [debug] ssl/ssl_utils.c(190) [ssl client] SSL
certificate verified against peer
[Thu Jul  3 13:12:57 2008] [error] http_sender.c(1293) HTTP Authentication
failed
[Thu Jul  3 13:12:57 2008] [error] http_sender.c(1399) Error occurred in
transport
[Thu Jul  3 13:12:57 2008] [error] engine.c(179) Transport sender invoke
failed

Any ideas or suggestions ?

Many thanks.


Andy

Re: SSL Client Authentication Failure

Posted by Andy Karseras <ak...@gmail.com>.
Yep, that worked...many thanks.


Andy

On Thu, Jul 3, 2008 at 3:13 PM, Dumindu Pallewela <pa...@gmail.com>
wrote:

> Hi Andy,
>
> <snip>
>
>>
>> I am having trouble using an SSL Client with AXIS2C - basically,
>> authentication appears to fail.
>>
>>
>> [Thu Jul  3 13:12:57 2008] [debug] http_transport_sender.c(246) ctx_epr:
>> https://localhost:7547/services/ConfigurationServer
>> [Thu Jul  3 13:12:57 2008] [debug] http_transport_sender.c(768) using
>> axis2 native http sender.
>> [Thu Jul  3 13:12:57 2008] [debug] http_sender.c(415)
>> msg_ctx_id:484e90ce-4923-1dd1-20df-00145eecc23a
>> [Thu Jul  3 13:12:57 2008] [info]  [ssl client] Client certificate chain
>> filenot specified
>> [Thu Jul  3 13:12:57 2008] [debug] ssl/ssl_utils.c(190) [ssl client] SSL
>> certificate verified against peer
>> [Thu Jul  3 13:12:57 2008] [info]  [ssl client] Client certificate chain
>> filenot specified
>> [Thu Jul  3 13:12:57 2008] [debug] ssl/ssl_utils.c(190) [ssl client] SSL
>> certificate verified against peer
>> [Thu Jul  3 13:12:57 2008] [error] http_sender.c(1293) HTTP Authentication
>> failed
>> [Thu Jul  3 13:12:57 2008] [error] http_sender.c(1399) Error occurred in
>> transport
>> [Thu Jul  3 13:12:57 2008] [error] engine.c(179) Transport sender invoke
>> failed
>>
>
> <snip>
>
> The debug message "SSL certificate verified against peer" means that the
> SSL connection had successfully been established. However, the trouble you
> are having is about HTTP Authentication. Try pointing your browser to the
> URL provided; it should ask you for a username/password. That is an HTTP
> protocol-level authentication mechanism, which is different from SSL.
>
> You can provide HTTP authentication parameters as described in the Axis2
> Manual [1].
>
> HTH.
>
> Dumindu.
>
> [1] http://ws.apache.org/axis2/c/docs/axis2c_manual.html#http_auth
>
> --
> Dumindu Pallewela
> Cinergix - "Share, Reuse, Innovate"
> cinergix.com

Re: SSL Client Authentication Failure

Posted by Dumindu Pallewela <pa...@gmail.com>.
Hi Andy,

<snip>

>
> I am having trouble using an SSL Client with AXIS2C - basically,
> authentication appears to fail.
>
>
> [Thu Jul  3 13:12:57 2008] [debug] http_transport_sender.c(246) ctx_epr:
> https://localhost:7547/services/ConfigurationServer
> [Thu Jul  3 13:12:57 2008] [debug] http_transport_sender.c(768) using axis2
> native http sender.
> [Thu Jul  3 13:12:57 2008] [debug] http_sender.c(415)
> msg_ctx_id:484e90ce-4923-1dd1-20df-00145eecc23a
> [Thu Jul  3 13:12:57 2008] [info]  [ssl client] Client certificate chain
> filenot specified
> [Thu Jul  3 13:12:57 2008] [debug] ssl/ssl_utils.c(190) [ssl client] SSL
> certificate verified against peer
> [Thu Jul  3 13:12:57 2008] [info]  [ssl client] Client certificate chain
> filenot specified
> [Thu Jul  3 13:12:57 2008] [debug] ssl/ssl_utils.c(190) [ssl client] SSL
> certificate verified against peer
> [Thu Jul  3 13:12:57 2008] [error] http_sender.c(1293) HTTP Authentication
> failed
> [Thu Jul  3 13:12:57 2008] [error] http_sender.c(1399) Error occurred in
> transport
> [Thu Jul  3 13:12:57 2008] [error] engine.c(179) Transport sender invoke
> failed
>

<snip>

The debug message "SSL certificate verified against peer" means that the SSL
connection had successfully been established. However, the trouble you are
having is about HTTP Authentication. Try pointing your browser to the URL
provided; it should ask you for a username/password. That is an HTTP
protocol-level authentication mechanism, which is different from SSL.

You can provide HTTP authentication parameters as described in the Axis2
Manual [1].

HTH.

Dumindu.

[1] http://ws.apache.org/axis2/c/docs/axis2c_manual.html#http_auth

-- 
Dumindu Pallewela
Cinergix - "Share, Reuse, Innovate"
cinergix.com
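
Added example (not part of the original thread and not Axis2/C code): a small Python triage of the log excerpt posted above, showing that the TLS layer reported success while the HTTP layer reported the failure. The sample log is constructed from lines in the post, hard-wrapped as in the e-mail; the function names unwrap and triage are hypothetical.

```python
import re

# Constructed sample: log lines copied from the post, wrapped as the e-mail shows them.
SAMPLE_LOG = """\
[Thu Jul  3 13:12:57 2008] [info]  [ssl client] Client certificate chain
filenot specified
[Thu Jul  3 13:12:57 2008] [debug] ssl/ssl_utils.c(190) [ssl client] SSL
certificate verified against peer
[Thu Jul  3 13:12:57 2008] [error] http_sender.c(1293) HTTP Authentication
failed
[Thu Jul  3 13:12:57 2008] [error] http_sender.c(1399) Error occurred in
transport
"""

# A new entry starts with "[timestamp] [level]"; anything else is a wrapped tail.
ENTRY = re.compile(r"^\[([^\]]+)\]\s+\[(\w+)\]\s+(.*)$")

def unwrap(text):
    """Rejoin hard-wrapped lines into (level, message) entries."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(2), m.group(3).strip()])
        elif entries and line.strip():
            entries[-1][1] += " " + line.strip()
    return [tuple(e) for e in entries]

def triage(text):
    """Report what each layer logged: TLS server check, client cert, HTTP auth."""
    msgs = [msg for _, msg in unwrap(text)]

    def seen(pattern):
        return any(re.search(pattern, m) for m in msgs)

    result = {
        "server_cert_verified": seen(r"SSL certificate verified against peer"),
        # The log prints "filenot"; tolerate the missing space.
        "client_cert_missing": seen(r"Client certificate chain\s*file\s*not specified"),
        "http_auth_failed": seen(r"HTTP Authentication failed"),
    }
    # Only name a layer when the log supports it: TLS verified, then HTTP auth refused.
    if result["http_auth_failed"] and result["server_cert_verified"]:
        result["failing_layer"] = "http-auth"
    else:
        result["failing_layer"] = "undetermined"
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```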