Posted to wss4j-dev@ws.apache.org by sh_santosh <sa...@gmail.com> on 2008/07/07 11:50:16 UTC
Re: Using certificates when communicated from a .NET client to a wss4j service
Hi all,
I want to create a keystore and other related files for invoking .NET web
services (WSE 3.0).
I am using jdk1.5.0_05, jakarta-tomcat-5.0.28, axis 1.3, wss4j.
How do I create a keystore? What steps do I need to follow?
Please provide any links and tutorials.
Regards
Santosh
Joshua Kuritzky wrote:
>
> Hi. I've slowly been making headway getting a WSE 3.0 .NET client
> talking to a wss4j service. I can turn on security and I can
> authenticate with a UsernameToken, but now I'm having a lot of difficulty
> getting signing with certificates to work.
>
> Using a combination of openssl and keytool I've created and signed my
> certificates and I know by looking at a TCP trace the client is using
> the server's certificate to sign its requests, but... whenever I do this
> the server gives a response saying that the security header is missing.
>
> I'm doing my best to make sense of the documentation and here's what I
> have so far:
>
> I have a crypto.properties file named "server_crypto.properties" with
> the following contents:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=storepass
> org.apache.ws.security.crypto.merlin.file=U:/sslstuff2/keystore
>
> and my server-config.wsdd has the following lines:
>
> <parameter name="passwordCallbackClass" value="test.PWCallback"/>
> <parameter name="action" value="Signature Timestamp"/>
> <parameter name="signaturePropFile" value="server_crypto.properties"/>
>
> I have a few questions:
>
> 1. The obvious one: How do I make this work?
> 2. Is there any way to have axis and/or wss4j log what it's doing so I
> can get a better idea of what's going wrong besides the SOAP response?
> 3. Where should the crypto.properties file go?
>
> Thanks for your help,
> -Joshua
Re: Using certificates when communicated from a .NET client to a wss4j service
Posted by Fred Dushin <fa...@apache.org>.
Hi Santosh,
If you just need to create self-signed certificates, your best bet
is probably to use the keytool command, which comes with the JDK:
http://java.sun.com/j2se/1.5.0/docs/tooldocs/index.html#security
If you need to create certificate chains, then you may be better off
using the openssl command, which is written in C, but has been ported
to many operating systems:
http://www.openssl.org/docs/apps/openssl.html
Finally, if you need to build certificate chains in Java, the
BouncyCastle toolkit has APIs for generating and issuing X.509 v1 and
v3 certificates:
http://www.bouncycastle.org/docs/docs1.5/index.html
Hopefully, these links should get you going.
Note that if you are trying to communicate with applications out of
your control (say, on your WSE3 or Tomcat applications), you may need
to either get certificates issued by CAs you mutually trust, or you
may need to add any CAs you create to the trust stores for your
applications. It depends a lot on what you're trying to do.
-Fred
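The self-signed keytool route and the trust-store step from Fred's reply, written out as an added example that is not part of the original thread or of the wss4j project. The aliases, distinguished names, file names and password are constructed, and `client-standin.jks` is a hypothetical stand-in for whatever certificate the .NET side actually uses; the property keys are the ones quoted earlier in the thread.

```shell
#!/bin/sh
# Added example. Aliases, DNs, file names and the password are constructed.
set -eu
STOREPASS="${STOREPASS:-example-storepass}"   # placeholder, supply your own

# Self-signed RSA key pair in a JKS keystore. JDK 1.5 names the commands
# -genkey/-export/-import; later JDKs still accept these names.
make_keystore() {      # $1 keystore file, $2 alias
  keytool -genkey -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$2, O=Example" -storetype jks \
    -keystore "$1" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Public certificate only (PEM); the private key stays in the keystore.
export_cert() {        # $1 keystore file, $2 alias, $3 output .cer
  keytool -export -rfc -alias "$2" -file "$3" \
    -keystore "$1" -storepass "$STOREPASS"
}

# Add a peer or CA certificate as a trusted entry.
trust_cert() {         # $1 keystore file, $2 alias, $3 input .cer
  keytool -import -noprompt -alias "$2" -file "$3" \
    -keystore "$1" -storepass "$STOREPASS"
}

# Merlin properties pointing at the keystore (keys as quoted in the thread).
write_crypto_properties() {   # $1 properties file, $2 keystore file
  cat > "$1" <<EOF
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=$STOREPASS
org.apache.ws.security.crypto.merlin.file=$2
EOF
  chmod 600 "$1"       # the file holds the keystore password
}

demo() {               # $1 output directory
  make_keystore "$1/server.jks" server
  make_keystore "$1/client-standin.jks" client   # stands in for the .NET side
  export_cert "$1/server.jks" server "$1/server.cer"
  export_cert "$1/client-standin.jks" client "$1/client.cer"
  trust_cert "$1/server.jks" client "$1/client.cer"
  write_crypto_properties "$1/server_crypto.properties" "$1/server.jks"
}

# Runs only when called as: ./make-keystores.sh demo
if [ "${1:-}" = "demo" ]; then demo "$(mktemp -d)"; fi
```

`server.cer` is the file to hand to the other party; a certificate issued by a CA you create would be added to the keystore with `trust_cert` in the same way.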