You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Mel Hama <sl...@gmail.com> on 2005/09/28 00:55:57 UTC
2 Way SSL to WebLogic Server
Can anyone give me some pointers on how to use 2-way ssl with an Axis
client calling a WebLogic 8.1 web service? I've set:
System.setProperty("javax.net.ssl.keyStore", "clientstore");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.trustStore", "truststore.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
But when I call the web service it looks like the client isn't sending
a certificate. On the client side I get: "Caused
by:javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure" and on the WebLogic server I get what looks like a
handshake error there too.
Maybe I'm missing something here so if anyone can point me in the
right direction, I'd appreciate it. Oh ya, a couple of things that
are also bothering me are:
- I specify the keyStore and password, but shouldn't I set the alias
of the certificate I want the client to send?
- Am I asking for too much by expecting Axis and WebLogic to
interoperate? But if I just do 1-way SSL, then my axis client can
successfully talk to my WebLogic web service.
Thanks for any help!
..Mel
Re: 2 Way SSL to WebLogic Server
Posted by Mel Hama <sl...@gmail.com>.
Thanks for the reply Christopher. So it sounds like Axis should
support 2-way SSL just by setting the keystore name & password? I
know that WebLogic is set up correctly because I can use a WebLogic
client to connect successfully using the same certificates and
truststore, and if I point a browser at the server I get prompted to
pick a cert to send.
Thanks,
..Mel
On 9/28/05, Christopher S. Johnson <jo...@clarkson.edu> wrote:
> Mel -
>
> See inline..
>
> On Tue, 27 Sep 2005, Mel Hama wrote:
>
> > Can anyone give me some pointers on how to use 2-way ssl with an Axis
> > client calling a WebLogic 8.1 web service? I've set:
> >
> > System.setProperty("javax.net.ssl.keyStore", "clientstore");
> > System.setProperty("javax.net.ssl.keyStorePassword", "password");
> > System.setProperty("javax.net.ssl.trustStore", "truststore.jks");
> > System.setProperty("javax.net.ssl.trustStorePassword", "password");
> >
>
> Setting the JVM system properties works but I would recommend against it,
> as it stops on the current properties and could open up problem later down
> the road.
>
> Another solution would be building your own custom socket factory as
> described in the following thread..
>
> http://marc.theaimsgroup.com/?l=axis-dev&m=112368752122921&w=2
<clipped>
Re: 2 Way SSL to WebLogic Server
Posted by "Christopher S. Johnson" <jo...@clarkson.edu>.
Mel -
See inline..
On Tue, 27 Sep 2005, Mel Hama wrote:
> Can anyone give me some pointers on how to use 2-way ssl with an Axis
> client calling a WebLogic 8.1 web service? I've set:
>
> System.setProperty("javax.net.ssl.keyStore", "clientstore");
> System.setProperty("javax.net.ssl.keyStorePassword", "password");
> System.setProperty("javax.net.ssl.trustStore", "truststore.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "password");
>
Setting the JVM system properties works but I would recommend against it,
as it stops on the current properties and could open up problem later down
the road.
Another solution would be building your own custom socket factory as
described in the following thread..
http://marc.theaimsgroup.com/?l=axis-dev&m=112368752122921&w=2
> But when I call the web service it looks like the client isn't sending
> a certificate. On the client side I get: "Caused
> by:javax.net.ssl.SSLHandshakeException: Received fatal alert:
> handshake_failure" and on the WebLogic server I get what looks like a
> handshake error there too.
Are you sure the server side is setup to trust the client certificate?
I've never configured this with WebLogic but it would be something to
check.
>
> Maybe I'm missing something here so if anyone can point me in the
> right direction, I'd appreciate it. Oh ya, a couple of things that
> are also bothering me are:
>
> - I specify the keyStore and password, but shouldn't I set the alias
> of the certificate I want the client to send?
My guess is if the client keystore has more then one cert in it that JVM
takes the first one that matches with the same CA.. I could be wrong :)
> - Am I asking for too much by expecting Axis and WebLogic to
> interoperate? But if I just do 1-way SSL, then my axis client can
> successfully talk to my WebLogic web service.
This also makes me think the server is not setup to accept the client to
to carry out mutual ssl.
>
> Thanks for any help!
Hope it helps..
> ..Mel
>
--
Chris Johnson
johnsocs@clarkson.edu