Posted to fx-dev@ws.apache.org by Yves Langisch <li...@langisch.ch> on 2004/03/02 14:35:57 UTC

Certificate Chain

Hi

I'm sorry to post to this developer list but I was unable to find the 
appropriate user list.

I have an Axis webservice accepting signed requests and a test client 
that sends signed requests. I set up my own CA on the server side, created 
a keystore etc. and signed the client's CSR. So far no problem, the client 
is able to send its signed request. On the server side I now have the 
problem that I have to import the client's certificate in order that 
WSDoAllReceiver is able to successfully validate the signature. Is there 
a way that the handler can validate the signature by going through the 
certificate chain? To do that, I think the requesting SOAP message has 
to provide the public key in the KeyInfo element. Otherwise the handler 
tries to look up the Cert by Serial number and Issuer name. Is that 
correct? If yes, how can I tell the client to attach the cert in the 
KeyInfo element? Thanks!

Regards,
Yves


Re: Certificate Chain

Posted by Yves Langisch <li...@langisch.ch>.
So far I found out that you can add X509 information to your call with

call.setProperty(WSDoAllConstants.SIG_KEY_ID, "X509KeyIdentifier");

But this works only in conjunction with WSDoAllSender. How can I do that 
without the handler?

Yves

Yves Langisch wrote:
> Hi
> 
> I'm sorry to post to this developer list but I was unable to find the 
> appropriate user list.
> 
> I have an Axis webservice accepting signed requests and a test client 
> that sends signed requests. I set up my own CA on the server side, created 
> a keystore etc. and signed the client's CSR. So far no problem, the client 
> is able to send its signed request. On the server side I now have the 
> problem that I have to import the client's certificate in order that 
> WSDoAllReceiver is able to successfully validate the signature. Is there 
> a way that the handler can validate the signature by going through the 
> certificate chain? To do that, I think the requesting SOAP message has 
> to provide the public key in the KeyInfo element. Otherwise the handler 
> tries to look up the Cert by Serial number and Issuer name. Is that 
> correct? If yes, how can I tell the client to attach the cert in the 
> KeyInfo element? Thanks!
> 
> Regards,
> Yves
> 
>