You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Mi...@servicecanada.gc.ca on 2007/07/10 20:38:26 UTC
issues with https?
Hi,
If I deploy a service using https, then is there anything special I need to do on the client side, or does the built-in http library take care of the certificate stuff?
thanks
Michael Davis
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
RE: issues with https?
Posted by Mi...@servicecanada.gc.ca.
Done - AXIS-2944. I figured that the component is 'transports'.
cheers,
md
> -----Original Message-----
> From: Davanum Srinivas [mailto:davanum@gmail.com]
> Sent: Wednesday, July 11, 2007 10:02 AM
> To: axis-user@ws.apache.org
> Subject: Re: issues with https?
>
>
> Michael,
>
> Good candidate for an enhancement request. Can you please
> create a JIRA?
>
> thanks,
> dims
>
> On 7/11/07, Michael.Davis@servicecanada.gc.ca
> <Mi...@servicecanada.gc.ca> wrote:
> > Thanks!
> >
> > In our case, I can be certain that it will not be a well
> known certificate. Is there any way to enable the connection
> without having a keystore in the file system, for example
> having the certificate bytes available in a class or something?
> >
> > The issue is this: the organization hosting the client
> application doesn't allow me access to their server, and
> coordinating with them to set up a keystore and a system
> property is problematic.
> >
> > cheers,
> > md
> >
> >
> > > -----Original Message-----
> > > From: Dimuthu [mailto:muthulee@apache.org]
> > > Sent: Wednesday, July 11, 2007 12:48 AM
> > > To: axis-user@ws.apache.org
> > > Subject: Re: issues with https?
> > >
> > >
> > > Hi,
> > >
> > > When you give the HTTPS url and it should work.
> > >
> > > If it is doesn't work, most probably it is not a well known root
> > > certificate. In this case add the following properties to the
> > > System in
> > > client code.
> > > System.setProperty("javax.net.ssl.trustStore","path to keystore" )
> > > System.setProperty("javax.net.ssl.trustStorePassword","apache")
> > >
> > >
> > > Cheers,
> > > Dimuthu
> > >
> > > On Tue, 2007-07-10 at 14:38 -0400,
> Michael.Davis@servicecanada.gc.ca
> > > wrote:
> > > > Hi,
> > > >
> > > > If I deploy a service using https, then is there anything
> > > special I need to do on the client side, or does the built-in
> > > http library take care of the certificate stuff?
> > > >
> > > > thanks
> > > > Michael Davis
> > > >
> > > >
> > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > >
> > >
> > >
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > >
> > >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-user-help@ws.apache.org
> >
> >
>
>
> --
> Davanum Srinivas :: http://davanum.wordpress.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: issues with https?
Posted by Davanum Srinivas <da...@gmail.com>.
Michael,
Good candidate for an enhancement request. Can you please create a JIRA?
thanks,
dims
On 7/11/07, Michael.Davis@servicecanada.gc.ca
<Mi...@servicecanada.gc.ca> wrote:
> Thanks!
>
> In our case, I can be certain that it will not be a well known certificate. Is there any way to enable the connection without having a keystore in the file system, for example having the certificate bytes available in a class or something?
>
> The issue is this: the organization hosting the client application doesn't allow me access to their server, and coordinating with them to set up a keystore and a system property is problematic.
>
> cheers,
> md
>
>
> > -----Original Message-----
> > From: Dimuthu [mailto:muthulee@apache.org]
> > Sent: Wednesday, July 11, 2007 12:48 AM
> > To: axis-user@ws.apache.org
> > Subject: Re: issues with https?
> >
> >
> > Hi,
> >
> > When you give the HTTPS url and it should work.
> >
> > If it is doesn't work, most probably it is not a well known root
> > certificate. In this case add the following properties to the
> > System in
> > client code.
> > System.setProperty("javax.net.ssl.trustStore","path to keystore" )
> > System.setProperty("javax.net.ssl.trustStorePassword","apache")
> >
> >
> > Cheers,
> > Dimuthu
> >
> > On Tue, 2007-07-10 at 14:38 -0400, Michael.Davis@servicecanada.gc.ca
> > wrote:
> > > Hi,
> > >
> > > If I deploy a service using https, then is there anything
> > special I need to do on the client side, or does the built-in
> > http library take care of the certificate stuff?
> > >
> > > thanks
> > > Michael Davis
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-user-help@ws.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
--
Davanum Srinivas :: http://davanum.wordpress.com
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
RE: issues with https?
Posted by Mi...@servicecanada.gc.ca.
Thanks very much!
cheers,
md
> -----Original Message-----
> From: Todd Allen [mailto:tballen@copart.com]
> Sent: Wednesday, July 11, 2007 10:14 AM
> To: axis-user@ws.apache.org; axis-user@ws.apache.org
> Subject: RE: issues with https?
>
>
> There is a way to trust any CA in the Java client code. See below.
>
> First, create inner class:
>
> /*
> * TrustManager inner class to allow access to all web sites
> */
> public class TrustingManager implements
> javax.net.ssl.X509TrustManager
> {
>
> public java.security.cert.X509Certificate[]
> getAcceptedIssuers()
> {
> return null;
> }
>
> public void
> checkClientTrusted(java.security.cert.X509Certificate[] c,
> String authType) throws CertificateException
> {
> // do nothing, accept by default
> }
>
> public void
> checkServerTrusted(java.security.cert.X509Certificate[] c,
> String authType) throws CertificateException
> {
> // do nothing, accept by default
> }
> } // TrustingManager inner class
>
> Then call method to disable SSL checking:
>
> private void disableSSLChecking() throws IOException {
>
> // Inspired by John Cho
> try {
> javax.net.ssl.TrustManager[] trusty = new
> javax.net.ssl.TrustManager[] { new TrustingManager() };
>
> javax.net.ssl.SSLContext sc =
> javax.net.ssl.SSLContext.getInstance("SSL");
>
> sc.init(null, trusty, new java.security.SecureRandom());
> SSLSocketFactory sslFactory = (SSLSocketFactory)
> sc.getSocketFactory();
>
> HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory);
> }
> catch (Exception e) {
> throw (new IOException("SSLFactory: " + e.getMessage()));
> }
> } // disableSSLChecking()
>
> I hope that helps. Try that and let me know if it works for you.
>
> T
>
>
> At 09:27 AM 7/11/2007, Michael.Davis@servicecanada.gc.ca wrote:
> >Thanks!
> >
> >In our case, I can be certain that it will not be a well known
> >certificate. Is there any way to enable the connection without
> >having a keystore in the file system, for example having the
> >certificate bytes available in a class or something?
> >
> >The issue is this: the organization hosting the client application
> >doesn't allow me access to their server, and coordinating with them
> >to set up a keystore and a system property is problematic.
> >
> >cheers,
> >md
> >
> >
> > > -----Original Message-----
> > > From: Dimuthu [mailto:muthulee@apache.org]
> > > Sent: Wednesday, July 11, 2007 12:48 AM
> > > To: axis-user@ws.apache.org
> > > Subject: Re: issues with https?
> > >
> > >
> > > Hi,
> > >
> > > When you give the HTTPS url and it should work.
> > >
> > > If it is doesn't work, most probably it is not a well known root
> > > certificate. In this case add the following properties to the
> > > System in
> > > client code.
> > > System.setProperty("javax.net.ssl.trustStore","path to keystore" )
> > > System.setProperty("javax.net.ssl.trustStorePassword","apache")
> > >
> > >
> > > Cheers,
> > > Dimuthu
> > >
> > > On Tue, 2007-07-10 at 14:38 -0400,
> Michael.Davis@servicecanada.gc.ca
> > > wrote:
> > > > Hi,
> > > >
> > > > If I deploy a service using https, then is there anything
> > > special I need to do on the client side, or does the built-in
> > > http library take care of the certificate stuff?
> > > >
> > > > thanks
> > > > Michael Davis
> > > >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
RE: issues with https?
Posted by Todd Allen <tb...@copart.com>.
There is a way to trust any CA in the Java client code. See below.
First, create inner class:
/*
* TrustManager inner class to allow access to all web sites
*/
public class TrustingManager implements javax.net.ssl.X509TrustManager
{
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] c,
String authType) throws CertificateException
{
// do nothing, accept by default
}
public void checkServerTrusted(java.security.cert.X509Certificate[] c,
String authType) throws CertificateException
{
// do nothing, accept by default
}
} // TrustingManager inner class
Then call method to disable SSL checking:
private void disableSSLChecking() throws IOException {
// Inspired by John Cho
try {
javax.net.ssl.TrustManager[] trusty = new
javax.net.ssl.TrustManager[] { new TrustingManager() };
javax.net.ssl.SSLContext sc =
javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trusty, new java.security.SecureRandom());
SSLSocketFactory sslFactory = (SSLSocketFactory)
sc.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory);
}
catch (Exception e) {
throw (new IOException("SSLFactory: " + e.getMessage()));
}
} // disableSSLChecking()
I hope that helps. Try that and let me know if it works for you.
T
At 09:27 AM 7/11/2007, Michael.Davis@servicecanada.gc.ca wrote:
>Thanks!
>
>In our case, I can be certain that it will not be a well known
>certificate. Is there any way to enable the connection without
>having a keystore in the file system, for example having the
>certificate bytes available in a class or something?
>
>The issue is this: the organization hosting the client application
>doesn't allow me access to their server, and coordinating with them
>to set up a keystore and a system property is problematic.
>
>cheers,
>md
>
>
> > -----Original Message-----
> > From: Dimuthu [mailto:muthulee@apache.org]
> > Sent: Wednesday, July 11, 2007 12:48 AM
> > To: axis-user@ws.apache.org
> > Subject: Re: issues with https?
> >
> >
> > Hi,
> >
> > When you give the HTTPS url and it should work.
> >
> > If it is doesn't work, most probably it is not a well known root
> > certificate. In this case add the following properties to the
> > System in
> > client code.
> > System.setProperty("javax.net.ssl.trustStore","path to keystore" )
> > System.setProperty("javax.net.ssl.trustStorePassword","apache")
> >
> >
> > Cheers,
> > Dimuthu
> >
> > On Tue, 2007-07-10 at 14:38 -0400, Michael.Davis@servicecanada.gc.ca
> > wrote:
> > > Hi,
> > >
> > > If I deploy a service using https, then is there anything
> > special I need to do on the client side, or does the built-in
> > http library take care of the certificate stuff?
> > >
> > > thanks
> > > Michael Davis
> > >
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
RE: issues with https?
Posted by Mi...@servicecanada.gc.ca.
Thanks!
In our case, I can be certain that it will not be a well known certificate. Is there any way to enable the connection without having a keystore in the file system, for example having the certificate bytes available in a class or something?
The issue is this: the organization hosting the client application doesn't allow me access to their server, and coordinating with them to set up a keystore and a system property is problematic.
cheers,
md
> -----Original Message-----
> From: Dimuthu [mailto:muthulee@apache.org]
> Sent: Wednesday, July 11, 2007 12:48 AM
> To: axis-user@ws.apache.org
> Subject: Re: issues with https?
>
>
> Hi,
>
> When you give the HTTPS url and it should work.
>
> If it is doesn't work, most probably it is not a well known root
> certificate. In this case add the following properties to the
> System in
> client code.
> System.setProperty("javax.net.ssl.trustStore","path to keystore" )
> System.setProperty("javax.net.ssl.trustStorePassword","apache")
>
>
> Cheers,
> Dimuthu
>
> On Tue, 2007-07-10 at 14:38 -0400, Michael.Davis@servicecanada.gc.ca
> wrote:
> > Hi,
> >
> > If I deploy a service using https, then is there anything
> special I need to do on the client side, or does the built-in
> http library take care of the certificate stuff?
> >
> > thanks
> > Michael Davis
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-user-help@ws.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: issues with https?
Posted by Dimuthu <mu...@apache.org>.
Hi,
When you give the HTTPS url and it should work.
If it is doesn't work, most probably it is not a well known root
certificate. In this case add the following properties to the System in
client code.
System.setProperty("javax.net.ssl.trustStore","path to keystore" )
System.setProperty("javax.net.ssl.trustStorePassword","apache")
Cheers,
Dimuthu
On Tue, 2007-07-10 at 14:38 -0400, Michael.Davis@servicecanada.gc.ca
wrote:
> Hi,
>
> If I deploy a service using https, then is there anything special I need to do on the client side, or does the built-in http library take care of the certificate stuff?
>
> thanks
> Michael Davis
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org