Posted to c-user@axis.apache.org by Raghu Udupa <ru...@easylink.com> on 2008/09/18 23:01:52 UTC
certificate file for communicating via https
If a web services client wants to communicate with different servers,
can certificates for different servers be specified in one PEM file? For
curl, you can specify a single certificate file which can contain
multiple certificates. I would like to know whether axis2c provides this
feature.
Thanks,
Raghu
RE: certificate file for communicating via https
Posted by Raghu Udupa <ru...@easylink.com>.
Thanks Manjula.
1) Is password for the entire pfx file or is it one per certificate inside the pfx key-store?
2) Where do I specify the password for the pfx keystore? Is it in axis2.xml or through an API?
3) Is there an open-source tool for pfx key management? I can convert an individual certificate to pfx format using openssl. I am looking for a tool for storing multiple keys.
Thanks again,
Regards,
Raghu
________________________________
From: Manjula Peiris [mailto:manjula@wso2.com]
Sent: Fri 10/3/2008 11:52 PM
To: Apache AXIS C User List
Subject: RE: certificate file for communicating via https
On Fri, 2008-10-03 at 12:14 -0400, Raghu Udupa wrote:
> Thanks Manjula. I need a couple more clarifications,
>
> 1) If I store multiple certificates in a PFX file, how would
> axis2c/rampart know which certificate to use?
You need to provide the password in order to retrieve the certificate.
>
> 1.1) Does it go by the domain name in the URI? If so, what is the
> criteria? That is, if URI is
> www.webservices.com/axis2/services/myservice, then, does it use the
> domain www.webservices.com for retrieving the certificate.
>
> 1.2) Do I need to specify a password for each certificate?
> 2) You mention providing .pfx file and password to Rampart/C. My
> thinking was to specify PFX file in axis2.xml under SERVER_CERT. There
> is no tag in axis2.xml for specifying password. Where do I specify the
> password? Can I do it programmatically or through module.xml?
The SERVER_CERT is for https clients. It has no relation to Rampart/C,
where it is focused on Message level Security.
>
> 3) This is just a reconfirmation. In the client guide, it is mentioned
> that I can specify a PEM file. As long as PEM file is one certificate
> per PEM file, can I still use a PEM file.
One PEM file should contain one certificate.
>
> Thanks,
> Raghu
>
> -----Original Message-----
> From: Manjula Peiris [mailto:manjula@wso2.com]
> Sent: Friday, September 19, 2008 5:35 AM
> To: Apache AXIS C User List
> Subject: Re: certificate file for communicating via https
>
>
> On Thu, 2008-09-18 at 17:01 -0400, Raghu Udupa wrote:
> > If a web services client wants to communicate with different servers,
> > can certificates for different servers be specified in one PEM file.
> > For curl, you can specify a single certificate file which can contain
> > multiple certificates. I would like to know whether axis2c provides
> > this feature.
>
> No you can't specify it in one PEM file. Rampart/C the Axis2/C security
> project does not support that. But you can store all the certificates in
> a pfx key store and provide Rampart/C with the .pfx file with the
> password to retrieve the certificate from the key store.
>
>
> >
> >
> >
> > Thanks,
> >
> > Raghu
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
RE: certificate file for communicating via https
Posted by Manjula Peiris <ma...@wso2.com>.
On Fri, 2008-10-03 at 12:14 -0400, Raghu Udupa wrote:
> Thanks Manjula. I need a couple more clarifications,
>
> 1) If I store multiple certificates in a PFX file, how would
> axis2c/rampart know which certificate to use?
You need to provide the password in order to retrieve the certificate.
>
> 1.1) Does it go by the domain name in the URI? If so, what is the
> criteria? That is, if URI is
> www.webservices.com/axis2/services/myservice, then, does it use the
> domain www.webservices.com for retrieving the certificate.
>
> 1.2) Do I need to specify a password for each certificate?
> 2) You mention providing .pfx file and password to Rampart/C. My
> thinking was to specify PFX file in axis2.xml under SERVER_CERT. There
> is no tag in axis2.xml for specifying password. Where do I specify the
> password? Can I do it programmatically or through module.xml?
The SERVER_CERT is for https clients. It has no relation to Rampart/C,
where it is focused on Message level Security.
>
> 3) This is just a reconfirmation. In the client guide, it is mentioned
> that I can specify a PEM file. As long as PEM file is one certificate
> per PEM file, can I still use a PEM file.
One PEM file should contain one certificate.
>
> Thanks,
> Raghu
>
> -----Original Message-----
> From: Manjula Peiris [mailto:manjula@wso2.com]
> Sent: Friday, September 19, 2008 5:35 AM
> To: Apache AXIS C User List
> Subject: Re: certificate file for communicating via https
>
>
> On Thu, 2008-09-18 at 17:01 -0400, Raghu Udupa wrote:
> > If a web services client wants to communicate with different servers,
> > can certificates for different servers be specified in one PEM file.
> > For curl, you can specify a single certificate file which can contain
> > multiple certificates. I would like to know whether axis2c provides
> > this feature.
>
> No you can't specify it in one PEM file. Rampart/C the Axis2/C security
> project does not support that. But you can store all the certificates in
> a pfx key store and provide Rampart/C with the .pfx file with the
> password to retrieve the certificate from the key store.
>
>
> >
> >
> >
> > Thanks,
> >
> > Raghu
> >
> >
>
>
RE: certificate file for communicating via https
Posted by Raghu Udupa <ru...@easylink.com>.
Thanks Manjula. I need a couple more clarifications,
1) If I store multiple certificates in a PFX file, how would
axis2c/rampart know which certificate to use?
1.1) Does it go by the domain name in the URI? If so, what is the
criteria? That is, if URI is
www.webservices.com/axis2/services/myservice, then, does it use the
domain www.webservices.com for retrieving the certificate?
1.2) Do I need to specify a password for each certificate?
2) You mention providing .pfx file and password to Rampart/C. My
thinking was to specify PFX file in axis2.xml under SERVER_CERT. There
is no tag in axis2.xml for specifying password. Where do I specify the
password? Can I do it programmatically or through module.xml?
3) This is just a reconfirmation. In the client guide, it is mentioned
that I can specify a PEM file. As long as PEM file is one certificate
per PEM file, can I still use a PEM file?
Thanks,
Raghu
-----Original Message-----
From: Manjula Peiris [mailto:manjula@wso2.com]
Sent: Friday, September 19, 2008 5:35 AM
To: Apache AXIS C User List
Subject: Re: certificate file for communicating via https
On Thu, 2008-09-18 at 17:01 -0400, Raghu Udupa wrote:
> If a web services client wants to communicate with different servers,
> can certificates for different servers be specified in one PEM file.
> For curl, you can specify a single certificate file which can contain
> multiple certificates. I would like to know whether axis2c provides
> this feature.
No, you can't specify it in one PEM file. Rampart/C, the Axis2/C security
project, does not support that. But you can store all the certificates in
a pfx key store and provide Rampart/C with the .pfx file with the
password to retrieve the certificate from the key store.
>
>
>
> Thanks,
>
> Raghu
>
>
Re: certificate file for communicating via https
Posted by Manjula Peiris <ma...@wso2.com>.
On Thu, 2008-09-18 at 17:01 -0400, Raghu Udupa wrote:
> If a web services client wants to communicate with different servers,
> can certificates for different servers be specified in one PEM file.
> For curl, you can specify a single certificate file which can contain
> multiple certificates. I would like to know whether axis2c provides
> this feature.
No, you can't specify it in one PEM file. Rampart/C, the Axis2/C security
project, does not support that. But you can store all the certificates in
a pfx key store and provide Rampart/C with the .pfx file with the
password to retrieve the certificate from the key store.
>
>
>
> Thanks,
>
> Raghu
>
>
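The thread's answer is that one PEM file should contain one certificate, so a multi-certificate bundle of the kind curl accepts has to be split before use. The following is an added example, not part of the thread and not Axis2/C or Rampart/C code: it splits such a bundle into one file per certificate. The function names, the cert-NN.pem naming and the sample bundle (placeholder bodies, not real certificates) are assumptions made for illustration.

```shell
#!/bin/sh
# split_pem_bundle BUNDLE OUTDIR
# Writes each CERTIFICATE block of BUNDLE to OUTDIR/cert-NN.pem and prints
# how many were written. Lines outside the BEGIN/END CERTIFICATE markers
# (comments, "subject=" text, other PEM block types) are dropped.
# Returns non-zero if a block is nested or never terminated.
split_pem_bundle() {
    bundle=$1
    outdir=$2
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }
    mkdir -p "$outdir" || return 2
    awk -v dir="$outdir" '
        /^-----BEGIN CERTIFICATE-----/ {
            if (inside) { bad = 1; exit }      # BEGIN before the previous END
            inside = 1
            n++
            file = sprintf("%s/cert-%02d.pem", dir, n)
        }
        inside { print > file }
        /^-----END CERTIFICATE-----/ {
            if (inside) { close(file); inside = 0 }
        }
        END {
            if (inside || bad) {
                print "malformed certificate block" | "cat 1>&2"
                exit 1
            }
            print n + 0
        }
    ' "$bundle"
}

# Constructed sample: two placeholder blocks, not real certificates.
write_sample_bundle() {
    cat > "$1" <<'EOF'
subject=CN=server-a.example (constructed)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIEE=
-----END CERTIFICATE-----
subject=CN=server-b.example (constructed)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIEI=
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp -d)
write_sample_bundle "$tmp/bundle.pem"
split_pem_bundle "$tmp/bundle.pem" "$tmp/out"   # prints 2
rm -rf "$tmp"
```

A non-zero return means the bundle was truncated or malformed, and any files already written to the output directory should be discarded rather than configured as trusted certificates.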