You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by fachhoch <fa...@gmail.com> on 2010/09/21 19:54:02 UTC

cxf security

Iam  using  ws-security using keystores.My security model :

Server has a Keystore and I imported client keystore into server keystore.

when  client  calls service it passes its public key and on  server side I
find the same key so request is processed.
Now I heard about selfcert a   certificate  what is this? do I have to do
this ?





-- 
View this message in context: http://cxf.547215.n5.nabble.com/cxf-security-tp2848487p2848487.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: cxf security

Posted by Glen Mazza <gl...@gmail.com>.

Perhaps I should have been more clear, you *don't* need a self-signed
keystore, and they offer less protection, not more, than CA-signed
certificates.

Your question is not one that should be informally asked & answered on a
mailing list.  You need to do some googling and study up on certificates if
you plan on working with them in production.

Glen

fachhoch wrote:
> 
> please tell me why do we need a self signed keystore , it works without
> self signing , please tell me what is purpose of self signing  
> 

-- 
View this message in context: http://cxf.547215.n5.nabble.com/cxf-security-tp2848487p2850301.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: cxf security

Posted by fachhoch <fa...@gmail.com>.

please tell me why do we need a self signed keystore , it works without self
signing , please tell me what is purpose of self signing  
-- 
View this message in context: http://cxf.547215.n5.nabble.com/cxf-security-tp2848487p2850172.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: cxf security

Posted by Glen Mazza <gl...@gmail.com>.

A self-signed certificate is a locally created certificate[1] that has not
been vouched for by a third party certificate authority like VeriSign.  For
production use you should not be relying on them, but they are OK for
development purposes.

Glen

[1] http://www.jroller.com/gmazza/entry/using_openssl_to_create_certificates


fachhoch wrote:
> 
> Iam  using  ws-security using keystores.My security model :
> 
> Server has a Keystore and I imported client keystore into server keystore.
> 
> when  client  calls service it passes its public key and on  server side I
> find the same key so request is processed.
> Now I heard about selfcert a   certificate  what is this? do I have to do
> this ?
> 

-- 
View this message in context: http://cxf.547215.n5.nabble.com/cxf-security-tp2848487p2849902.html
Sent from the cxf-user mailing list archive at Nabble.com.