Posted to fx-dev@ws.apache.org by Yves Langisch <li...@langisch.ch> on 2004/03/02 14:35:57 UTC
Certificate Chain
Hi
I'm sorry to post to this developer list but I was unable to find the
appropriate user list.
I have an Axis webservice accepting signed requests and a test client
that sends signed requests. I set up my own CA on server side, created
keystore etc. and signed the client's CSR. So far no problem, the client
is able to send its signed request. On server side I now have the
problem that I have to import the client's certificate in order that
WSDoAllReceiver is able to successfully validate the signature. Is there
a way that the handler can validate the signature by going through the
certificate chain? To do that, I think the requesting SOAP message has
to provide the public key in the KeyInfo element. Otherwise the handler
tries to look up the Cert by Serial number and Issuer name. Is that
correct? If yes, how can I tell the client to attach the cert in the
KeyInfo element? Thanks!
Regards,
Yves
Re: Certificate Chain
Posted by Yves Langisch <li...@langisch.ch>.
So far I found out that you can put X509 information to your call with
call.setProperty(WSDoAllConstants.SIG_KEY_ID, "X509KeyIdentifier");
But this works only in conjunction with WSDoAllSender. How can I do that
without the handler?
Yves
Yves Langisch wrote:
> Hi
>
> I'm sorry to post to this developer list but I was unable to find the
> appropriate user list.
>
> I have an Axis webservice accepting signed requests and a test client
> that sends signed requests. I set up my own CA on server side, created
> keystore etc. and signed the client's CSR. So far no problem, the client
> is able to send its signed request. On server side I now have the
> problem that I have to import the client's certificate in order that
> WSDoAllReceiver is able to successfully validate the signature. Is there
> a way that the handler can validate the signature by going through the
> certificate chain? To do that, I think the requesting SOAP message has
> to provide the public key in the KeyInfo element. Otherwise the handler
> tries to look up the Cert by Serial number and Issuer name. Is that
> correct? If yes, how can I tell the client to attach the cert in the
> KeyInfo element? Thanks!
>
> Regards,
> Yves
>
>
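
An added example, not part of the original thread: the chain check the question asks about, shown with the openssl command line rather than Axis/WSS4J or a Java keystore. A verifier that is given only the CA certificate accepts a CA-issued client certificate presented to it, and rejects a self-signed look-alike with the same subject. All names, files and the function names make_pki and chain_ok are constructed for this demo.

```shell
#!/bin/sh
# Constructed demo PKI: every name and file below is made up for this example.

make_pki() {  # $1 = empty working directory
  d=$1
  cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # 1. Self-signed CA certificate: the only certificate the verifier is given.
  openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes \
    -keyout "$d/ca.key" -out "$d/ca.pem" -days 1 >/dev/null 2>&1 || return 1
  # 2. Client key and CSR, then the CA signs the CSR.
  openssl req -new -config "$d/req.cnf" -subj "/CN=demo-client" \
    -newkey rsa:2048 -nodes -keyout "$d/client.key" \
    -out "$d/client.csr" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/client.pem" -days 1 >/dev/null 2>&1 || return 1
  # 3. Look-alike: same subject name, but self-signed instead of CA-issued.
  openssl req -x509 -config "$d/req.cnf" -subj "/CN=demo-client" \
    -newkey rsa:2048 -nodes -keyout "$d/rogue.key" \
    -out "$d/rogue.pem" -days 1 >/dev/null 2>&1 || return 1
}

# Chain-validates certificate $2 with $1 supplied as the trusted CA file.
# Exit status 0 means the chain was built and every signature checked out.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  dir=$(mktemp -d) || return 1
  make_pki "$dir" || { rm -rf "$dir"; return 1; }
  for c in client rogue; do
    if chain_ok "$dir/ca.pem" "$dir/$c.pem"; then echo "$c.pem: chains to CA"
    else echo "$c.pem: rejected"; fi
  done
  rm -rf "$dir"
}
demo
```

The verifier never needs client.pem stored in advance; it only needs the certificate to be presented alongside the signature so the chain can be built.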