Posted to ivy-user@ant.apache.org by Adrian Howchin <ad...@mincom.com> on 2011/09/05 07:58:49 UTC

Using client authentication (certificates) with Ivy

Hi,

I have an Apache HTTPD server setup in between my clients (which do Ivy
retrieves) and my Nexus server. In beautiful ascii art:
Client (ivy) <-->   (Apache HTTPD server) <-->   Nexus server

The HTTPD server requires client authentication via signed certificates
before it will pass the connection on to the Nexus server
(http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html#allclients).

I know how to get my browser to work with this setup (simply import a
certificate signed by the CA cert referenced by SSLCACertificateFile
inside the httpd.conf), but I don't know how to get this to work with
Ivy retrieve. I've tried using the "javax.net.ssl.*" options, i.e:

ant -Djavax.net.ssl.keyStore=/tmp/test.jks
-Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=secret
-buildfile myBuildFile.xml

... and:

ant
-Djavax.net.ssl.trustStore=/tmp/test.jks -Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStorePassword=secret -buildfile myBuildFile.xml

... but neither of these work. I've tried creating a keystore and putting
it inside the users' .ssh directory, but no joy. I've also tried simply
copying the signed certificate into the users' .ssh directory, but again
no joy.

Is it possible to use certificates for client authentication with Ivy?
If so, how?

--
Regards,
Adrian Howchin


This transmission is for the intended addressee only and is confidential information. If you have received this transmission in error, please notify the sender and delete the transmission. The contents of this e-mail are the opinion of the writer only and are not endorsed by the Mincom Group of companies unless expressly stated otherwise.



RE: Using client authentication (certificates) with Ivy

Posted by Sven Zethelius <sv...@expedia.com>.
I've found ant to be a bit picky about which options are fed to the VM. Instead of passing them on the command line, try setting the environment variable ANT_OPTS, which definitely gets passed to the Ant JVM, which is what runs ivy.


Re: Using client authentication (certificates) with Ivy

Posted by Nicolas Lalevée <ni...@hibnet.org>.
On 5 Sept. 2011, at 07:58, Adrian Howchin wrote:

> Hi,
> 
> I have an Apache HTTPD server setup in between my clients (which do Ivy
> retrieves) and my Nexus server. In beautiful ascii art:
> Client (ivy) <-->   (Apache HTTPD server) <-->   Nexus server
> 
> The HTTPD server requires client authentication via signed certificates
> before it will pass the connection on to the Nexus server
> (http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html#allclients).
> 
> I know how to get my browser to work with this setup (simply import a
> certificate signed by the CA cert referenced by SSLCACertificateFile
> inside the httpd.conf), but I don't know how to get this to work with
> Ivy retrieve. I've tried using the "javax.net.ssl.*" options, i.e:
> 
> ant -Djavax.net.ssl.keyStore=/tmp/test.jks
> -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=secret
> -buildfile myBuildFile.xml
> 
> ... and:
> 
> ant
> -Djavax.net.ssl.trustStore=/tmp/test.jks -Djavax.net.ssl.trustStoreType=jks
> -Djavax.net.ssl.trustStorePassword=secret -buildfile myBuildFile.xml

Here, with -D... on ant's command line, you are setting ant properties, not system properties of the JVM. So to set JVM properties you must use the environment property ANT_OPTS.
export ANT_OPTS="-Djavax.net.ssl.keyStore=/tmp/test.jks -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=secret"
ant -buildfile myBuildFile.xml

and you should be good with that.

Nicolas
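
An added example, not part of the thread and not Ant or Ivy code: a small wrapper around the ANT_OPTS approach from the reply above that first checks the keystore actually holds a private-key entry, since a store containing only trusted certificates cannot authenticate a client. The script name and function names are hypothetical; the path, type and password are the thread's own test values.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, not code from the thread.
# Usage: sh ant-client-auth.sh /tmp/test.jks jks secret

# True if a `keytool -list` listing on stdin shows a private-key entry.
# A store holding only trustedCertEntry items has no key to present when
# the HTTPD server requests a client certificate.
has_private_key() {
    grep -q 'PrivateKeyEntry'
}

# $1 = keystore path, $2 = store type, $3 = store password
check_keystore() {
    keytool -list -keystore "$1" -storetype "$2" -storepass "$3" 2>/dev/null |
        has_private_key
}

# Print the JVM system-property flags for client authentication.
client_auth_opts() {
    [ -r "$1" ] || { echo "keystore not readable: $1" >&2; return 1; }
    # Warn when other local users can read the private key file.
    if [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; then
        echo "warning: $1 is world-readable" >&2
    fi
    printf '%s %s %s\n' \
        "-Djavax.net.ssl.keyStore=$1" \
        "-Djavax.net.ssl.keyStoreType=$2" \
        "-Djavax.net.ssl.keyStorePassword=$3"
}

# Only runs when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then
    check_keystore "$@" || { echo "no PrivateKeyEntry in $1" >&2; exit 1; }
    # ANT_OPTS is read by the ant launcher script and passed to the JVM,
    # so these become system properties. The password is then visible in
    # the process list to other local users.
    ANT_OPTS=$(client_auth_opts "$@") || exit 1
    export ANT_OPTS
    exec ant -buildfile myBuildFile.xml
fi
```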