RE: SSL problems - has anyone been successful???

["Braginsky, Leo" <lb...@akamai.com>]

Hi Olivier,

Yes I did put the tracing in both the client and the server. The server
doesn't get hit at all. The client spits out some info that tells me that
the right keystore is being picked up: c:\program
files\javasoft\jre\1.3.0_02\lib\security\cacerts - this is the same keystore
that the JSSE client is using (with success). The tracing stops right before
the client calls
resp = call.invoke(url, ""); I know this because I have System.out.println
right before it. The next line in the output log is: 
"(SOAP-ENV:Client): error parsing HTTP status line: null"
This exception is thrown by the response object and it indicates that the
server replied with junk. 

Do you think I should switch to Apache SOAP 2.1 from 2.0? Any other ideas? 

Thanks for you help

- leo



-----Original Message-----
From: Olivier Brand [mailto:olivier@intraware.com]
Sent: Saturday, March 31, 2001 1:30 AM
To: soap-user@xml.apache.org
Subject: Re: SSL problems - has anyone been successful???


Have you used the debug option I was talking about and see what is going on
during the SSL handshake ?

Olivier

"Braginsky, Leo" wrote:

> Thank you, Stephane. I seem to be doing exactly as you suggest.
>
> And yet, my server replies:
>
> [Fri Mar 30 16:59:18 2001] [warn] mod_ibm_ssl: SSL Handshake Failed, An
> incorrectly formatted SSL message was received.
>
> Has anyone seen this before?
>
> Another observation: If I point the client that comes with JSSE 1.0.2 to
my
> SOAP server the SSL handshake occurs. I can also contact the server via
> browser.
>
> Help!!!
>
> - leo
>
> -----Original Message-----
> From: Stéphane Bélanger [mailto:sbelanger@xpert-inc.com]
> Sent: Friday, March 30, 2001 3:18 PM
> To: 'soap-user@xml.apache.org'
> Subject: RE: SSL problems - has anyone been successful???
>
> For my part, here is what I have done to make it work:
>
> 1- Download and install JSSE 1.0.2 as stated in the JSSE installation
> procedure
> 2- Add jsse.jar, jcert.jar and jnet.jar in your CLASSPATH
> 3- In order to support the https protocol, add the following code to your
> SOAP client or your test program:
>
> import java.security.Security;
> // Add https protocol support
> System.setProperty("java.protocol.handler.pkgs",
> com.sun.net.ssl.internal.www.protocol");
> // Add SSL Provider
> Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>
> 4- You must have a valid certificate on your SOAP server.  If you don't,
you
> can download a test certificate from VeriSign or another certificate
> provider.  In this case, your client will not recognize the certificate
> until you add it to your certificate database.  I use Jbuilder, therefore
my
> certificate db is C:\JBuilder4\jdk1.3\jre\lib\security\cacerts.  It
already
> contains pre-installed certificates.  You can add your test certificate by
> typing the following command :
>
>             keytool -import -file mycert.cer -keystore
> C:\JBuilder4\jdk1.3\jre\lib\security\cacerts
>
> It will probably ask you for a password, usually it is « changeit » for
> pre-installed certificated, so I understood.
>
> To create the file mycert.cer which is a certificate file, follow the
> instruction from VeriSign to install the test certificate on your server
and
> connect to your server using the https protocol using IE.  When asked
> whether to install or to save the certificate, save it as mycert.cer and
> import it on your client machine as explained.
>
> If you already have a certificate db that you want to use, add the
following
> code to specify the keystore to be used.
>
> Example:
>         System.setProperty("javax.net.ssl.trustStore",
> System.getProperty("user.home") + File.separator + ".keystore");
>
> With that, I was able to make it work.  I'm using IIS, JRun and Apache
SOAP.
>
> Good luck!
>
> Stéphane
>
> -----Message d'origine-----
> De : Braginsky, Leo [mailto:lbragins@akamai.com]
> Envoyé : 29 mars, 2001 17:21
> À : 'soap-user@xml.apache.org'
> Objet : SSL problems - has anyone been successful???
>
> Guys,
>
> I am as much confused as I am frustrated.
> I've seen many messages on the SSL subject ranging from "how to start?" to
> "almost there, but not quite." The latter is my case as well. So, my
> question is: HAS ANYONE BEEN SUCCESSFUL in making Java client (bean, EJB,
> JSP) to communicate with SOAP server using Apache/SOAP 2.0 (or 2.1)
> framework? I did find a bunch of info sources on the Web that address this
> issue, but despite the plentiful theoretical insight I've been unable to
> make SOAP connection over SSL happen.
> So, if anyone has succeeded in doing this, can this person please take a
few
> minutes to describe ALL the steps that he took. I'm sure the entire
mailing
> list will appreciate this.
>
> P.S. My current problem is that it seems that the client contacts SSL
server
> in clear text. That's what the Snoop tool that we run on the server tells
> us.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
> For additional commands, email: soap-user-help@xml.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
> For additional commands, email: soap-user-help@xml.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
For additional commands, email: soap-user-help@xml.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: soap-user-unsubscribe@xml.apache.org
For additional commands, email: soap-user-help@xml.apache.org