Posted to java-user@axis.apache.org by "Philippe A." <fu...@gmail.com> on 2009/11/30 17:40:18 UTC
Problems with https mutual auth
I have successfully set up one-way https authentication between my web
service client and server. The next step is to enable two-way auth but I'm
having problems doing it.
To make sure two-way auth kicks in, I wanted to have client auth fail on
purpose. However, client requests are not rejected as planned.
In axis2.xml, I have added the following:
<parameter name="truststore" locked="false">
<TrustStore>
<Location>trust.jks</Location>
<Type>JKS</Type>
<Password>changeit</Password>
</TrustStore>
</parameter>
<parameter name="SSLVerifyClient">require</parameter>
I voluntarily left the trust store empty. I have left services.xml
unchanged, as well as my client.
Can anyone tell me what I am missing?
I'm using Axis2 1.4.1 and Rampart 1.4.
Thanks!
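
Added example, not part of the original thread: a standalone Java probe for the negative test described above. It connects with no client key material and reports whether the server asked for a certificate and whether it still answered. The class name ClientAuthProbe and the host/port arguments are assumptions; it uses only standard JSSE classes and assumes the server certificate is trusted by the JVM running the probe.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509KeyManager;

// Hypothetical probe class (added example): java ClientAuthProbe <host> <port>
public class ClientAuthProbe {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        AtomicBoolean requested = new AtomicBoolean(false);
        // Holds no keys. JSSE consults it only after the server sends a CertificateRequest.
        X509KeyManager noKeys = new X509KeyManager() {
            public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket s) {
                requested.set(true);
                return null; // present no certificate
            }
            public String[] getClientAliases(String keyType, Principal[] issuers) { return null; }
            public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
            public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return null; }
            public X509Certificate[] getCertificateChain(String alias) { return null; }
            public PrivateKey getPrivateKey(String alias) { return null; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers = JVM default trust (use -Djavax.net.ssl.trustStore for a private CA)
        ctx.init(new KeyManager[] { noKeys }, null, null);
        boolean served = false;
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            sock.setSoTimeout(5000);
            sock.startHandshake();
            // Under TLS 1.3 a missing client certificate is rejected only after the client-side
            // handshake returns, so exchange application data before drawing a conclusion.
            OutputStream out = sock.getOutputStream();
            out.write(("GET / HTTP/1.1\r\nHost: " + host + "\r\nConnection: close\r\n\r\n").getBytes("US-ASCII"));
            out.flush();
            served = sock.getInputStream().read() != -1;
        } catch (IOException e) {
            System.out.println("Connection failed: " + e);
        }
        System.out.println("Server requested a client certificate: " + requested.get());
        System.out.println("Server answered without one: " + served);
        System.out.println(served ? "FAIL: client auth is not enforced"
            : requested.get() ? "OK: request without a certificate was rejected"
            : "INCONCLUSIVE: connection failed before any certificate request");
    }
}
```

A server that enforces two-way auth should produce the OK verdict; FAIL corresponds to the behaviour reported in this post.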
Re: Problems with https mutual auth
Posted by "Philippe A." <fu...@gmail.com>.
Hello Thilina,
I am using the standalone Axis2 server. I had a look at
HttpCoreNIOSSLListener.java and confirmed <parameter name="SSLVerifyClient">
should do the same as client-auth.
Maybe I have missed something. I won't have time to go back to this since we
have decided to stick to one-way auth for now. If anyone successfully
configures two-way auth with the simple axis server, I'd like to hear from
you.
Thanks!
2009/12/3 Thilina Mahesh Buddhika <th...@gmail.com>
> Hi Philippe,
>
> I think you have to enable "client-auth" in the application server/servlet
> container where you have deployed Axis2.
>
> For example, in Tomcat, there is a parameter named "clientAuth" which is by
> default set to "false" in the SSL Configuration section. By setting its value
> to "true" you can force two-way authentication in the SSL handshake.
>
> Thanks.
> /thilina
>
> Thilina Mahesh Buddhika
> http://blog.thilinamb.com
>
>
> On Mon, Nov 30, 2009 at 10:10 PM, Philippe A. <fu...@gmail.com> wrote:
>
>> I have successfully set up one-way https authentication between my web
>> service client and server. The next step is to enable two-way auth but I'm
>> having problems doing it.
>>
>> To make sure two-way auth kicks in, I wanted to have client auth fail on
>> purpose. However, client requests are not rejected as planned.
>>
>> In axis2.xml, I have added the following:
>>
>> <parameter name="truststore" locked="false">
>> <TrustStore>
>> <Location>trust.jks</Location>
>> <Type>JKS</Type>
>> <Password>changeit</Password>
>> </TrustStore>
>> </parameter>
>> <parameter name="SSLVerifyClient">require</parameter>
>>
>> I voluntarily left the trust store empty. I have left services.xml
>> unchanged, as well as my client.
>>
>> Can anyone tell me what I am missing?
>>
>> I'm using Axis2 1.4.1 and Rampart 1.4.
>>
>> Thanks!
>>
>
>
Re: Problems with https mutual auth
Posted by Thilina Mahesh Buddhika <th...@gmail.com>.
Hi Philippe,
I think you have to enable "client-auth" in the application server/servlet
container where you have deployed Axis2.
For example, in Tomcat, there is a parameter named "clientAuth" which is by
default set to "false" in the SSL Configuration section. By setting its value
to "true" you can force two-way authentication in the SSL handshake.
Thanks.
/thilina
Thilina Mahesh Buddhika
http://blog.thilinamb.com
On Mon, Nov 30, 2009 at 10:10 PM, Philippe A. <fu...@gmail.com> wrote:
> I have successfully set up one-way https authentication between my web
> service client and server. The next step is to enable two-way auth but I'm
> having problems doing it.
>
> To make sure two-way auth kicks in, I wanted to have client auth fail on
> purpose. However, client requests are not rejected as planned.
>
> In axis2.xml, I have added the following:
>
> <parameter name="truststore" locked="false">
> <TrustStore>
> <Location>trust.jks</Location>
> <Type>JKS</Type>
> <Password>changeit</Password>
> </TrustStore>
> </parameter>
> <parameter name="SSLVerifyClient">require</parameter>
>
> I voluntarily left the trust store empty. I have left services.xml
> unchanged, as well as my client.
>
> Can anyone tell me what I am missing?
>
> I'm using Axis2 1.4.1 and Rampart 1.4.
>
> Thanks!
>