Posted to java-user@axis.apache.org by Karen Loughran <k....@qub.ac.uk> on 2007/05/10 18:33:08 UTC
WSS4J signature authentication, doesn't appear to cross reference ca root authority
Hi all,
I'm using Apache Axis 1.x and have set up WS Security Axis handlers and
wss4j (v1.5) for the authentication of signed messages at the
requestFlow of my service and client.
Having carried out some tests, I realise that wss4j security (at least
action signature) just enables mutual authentication based on user certs
with no cross reference check to the ca root authority chained in the
keystores.
Is there a way to configure wss4j to cross reference the chained ca root
in the request against the caroot in the server's keystore
and/or the Java system-wide ca certs?
Thanks
Karen
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: WSS4J signature authentication, doesn't appear to cross reference ca root authority
Posted by Karen Loughran <k....@qub.ac.uk>.
Found the solution. I realise now it does cross reference the ca root
authority. My problem was that I had not added both the escience root
certificates to the Java system-wide cacerts (i.e., escience-root.crt and
escience-ca.crt).
Thanks
Karen
On Thu, 2007-05-10 at 17:33 +0100, Karen Loughran wrote:
> Hi all,
>
> I'm using Apache Axis 1.x and have set up WS Security Axis handlers and
> wss4j (v1.5) for the authentication of signed messages at the
> requestFlow of my service and client.
>
> Having carried out some tests, I realise that wss4j security (at least
> action signature) just enables mutual authentication based on user certs
> with no cross reference check to the ca root authority chained in the
> keystores.
>
> Is there a way to configure wss4j to cross reference the chained ca root
> in the request against the caroot in the server's keystore
> and/or the Java system-wide ca certs?
>
> Thanks
>
> Karen
>
>
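A way to check the condition described in the reply above, added here as an example and not taken from the original posts or from WSS4J: it validates a signer certificate chain against the JVM's default trust store with PKIX, so a CA missing from cacerts shows up as a validation failure. The class name `ChainCheck` and the certificate file arguments are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Hypothetical diagnostic, not part of WSS4J or Axis.
// Usage: java ChainCheck signer.crt [intermediate-ca.crt ...]
public class ChainCheck {
    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            System.err.println("usage: java ChainCheck signer.crt [intermediate-ca.crt ...]");
            System.exit(2);
        }
        // Trust anchors from the JVM default trust store (cacerts unless
        // the javax.net.ssl.trustStore property points elsewhere).
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(ca, null));
                }
            }
        }
        // Chain as given: signer first, then each issuing CA below the root.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        for (String file : args) {
            try (InputStream in = Files.newInputStream(Paths.get(file))) {
                X509Certificate c = (X509Certificate) cf.generateCertificate(in);
                chain.add(c);
                System.out.println(file + ": subject=" + c.getSubjectX500Principal()
                    + " issuer=" + c.getIssuerX500Principal());
            }
        }
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // offline check: no CRL/OCSP lookups
        try {
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);
            System.out.println("OK: chain ends at a CA present in the default trust store");
        } catch (CertPathValidatorException e) {
            System.out.println("FAIL at certificate index " + e.getIndex() + ": " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Running it before and after importing the CA certificates into cacerts shows whether the trust store, rather than the handler configuration, is what rejects the chain.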