You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Christian Gosch <ch...@inovex.de> on 2009/12/09 19:45:48 UTC
How to configure SSL key store / trust store location to use for AXIS2 1.4.1 as SOAP/ssl client?
Hi,
how can I configure which SSL key store & trust store is used when AXIS2
1.4.1 is the first running code requesting a SSL connection as a SOAP
client in a given 1.4 JVM?
Problem:
IBM WebSphere 6.0 (JDK/JRE 1.4.2) uses a defaultSSLSocketFactory which
is a singleton and once it's initialized with some particular value,
it'll be reused. (info from IBM L3)
If nothing special is said about what to do how, AXIS2 1.4.1 simply
requests .../java/jre/lib/security/cacerts as key store & trust store
file. This is fatal if later (other) SOAP clients require key pairs not
present in this JVM default store.
Is there some way to tell AXIS2 1.4.1 to request another file for key
store / trust store?
Are there some JVM properties which can be used?
Is there any possibility to achieve that via the magic Options object?
Can this be achieved using the magic axis2.xml configuration file?
(Again: Where is this file, or where is it looked for, and what is
allowed to be inside?)
Desperate,
--
Dipl.-Inform. Christian Gosch, PMI PMP
Systems Architecture, Project Management
inovex GmbH
Büro Pforzheim
Karlsruher Strasse 71
D-75179 Pforzheim
Tel: +49 (0)7231 3191-85
Fax: +49 (0)7231 3191-91
c.gosch@inovex.de
www.inovex.de
Sitz der Gesellschaft: Pforzheim
AG Mannheim, HRB 502126
Geschäftsführer: Stephan Müller
Re: How to configure SSL key store / trust store location to use for
AXIS2 1.4.1 as SOAP/ssl client?
Posted by Thilina Mahesh Buddhika <th...@gmail.com>.
Hi,
You can set the trust store related system properties inside your client
code like below.
System.setProperty("javax.net.ssl.trustStore", "/path/to/trustStore");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
Hope this helps.
Thanks.
/thilina
Thilina Mahesh Buddhika
http://blog.thilinamb.com
On Thu, Dec 10, 2009 at 12:15 AM, Christian Gosch <christian.gosch@inovex.de
> wrote:
> Hi,
>
> how can I configure which SSL key store & trust store is used when AXIS2
> 1.4.1 is the first running code requesting a SSL connection as a SOAP
> client in a given 1.4 JVM?
>
>
> Problem:
>
> IBM WebSphere 6.0 (JDK/JRE 1.4.2) uses a defaultSSLSocketFactory which
> is a singleton and once it's initialized with some particular value,
> it'll be reused. (info from IBM L3)
>
> If nothing special is said about what to do how, AXIS2 1.4.1 simply
> requests .../java/jre/lib/security/cacerts as key store & trust store
> file. This is fatal if later (other) SOAP clients require key pairs not
> present in this JVM default store.
>
> Is there some way to tell AXIS2 1.4.1 to request another file for key
> store / trust store?
>
> Are there some JVM properties which can be used?
>
> Is there any possibility to achieve that via the magic Options object?
>
> Can this be achieved using the magic axis2.xml configuration file?
> (Again: Where is this file, or where is it looked for, and what is
> allowed to be inside?)
>
>
> Desperate,
> --
> Dipl.-Inform. Christian Gosch, PMI PMP
> Systems Architecture, Project Management
>
> inovex GmbH
> Büro Pforzheim
> Karlsruher Strasse 71
> D-75179 Pforzheim
> Tel: +49 (0)7231 3191-85
> Fax: +49 (0)7231 3191-91
> c.gosch@inovex.de
> www.inovex.de
>
> Sitz der Gesellschaft: Pforzheim
> AG Mannheim, HRB 502126
> Geschäftsführer: Stephan Müller
>
>
>
>
RE: How to configure SSL key store / trust store location to use for AXIS2 1.4.1 as SOAP/ssl client?
Posted by Christian Gosch <ch...@inovex.de>.
The source of solution was:
http://osdir.com/ml/axis-user-ws.apache.org/2009-06/msg00307.html
The solution is to set up the following properties for the JVM:
javax.net.ssl.keyStore=<fully qualified path to keystore file>
javax.net.ssl.keyStoreType=<type of keystore, i.e, JKS>
javax.net.ssl.keyStorePassword=<keystore password>
javax.net.ssl.trustStore=<fully qualified path to truststore file>
javax.net.ssl.trustStoreType=<type of truststore, i.e, JKS>
javax.net.ssl.trustStorePassword=<truststore password>
javax.net.ssl.contextProvider=<provider, i.e. JSSE>
This is basically the same as depicted by Thilina Mahesh Buddhika: It
can be achieved either ny using the -Dpropname=propvalue pattern on the
command line, by setting appropriate JVM startup properties using the
administration interface of your choice or by explicitly setting that in
the Java code.
Using system properties for the JVM may be more useful since this way it
is guaranteed that the values are present from the time the JVM starts.
This is difficult to achieve with explicit Java in a J2EE environment.
Regards,
Christian
> -----Original Message-----
> From: Christian Gosch
> Sent: Wednesday, December 09, 2009 7:46 PM
> To: axis-user
> Subject: How to configure SSL key store / trust store location to use
for
> AXIS2 1.4.1 as SOAP/ssl client?
>
> Hi,
>
> how can I configure which SSL key store & trust store is used when
AXIS2
> 1.4.1 is the first running code requesting a SSL connection as a SOAP
> client in a given 1.4 JVM?
>
>
> Problem:
>
> IBM WebSphere 6.0 (JDK/JRE 1.4.2) uses a defaultSSLSocketFactory which
> is a singleton and once it's initialized with some particular value,
> it'll be reused. (info from IBM L3)
>
> If nothing special is said about what to do how, AXIS2 1.4.1 simply
> requests .../java/jre/lib/security/cacerts as key store & trust store
> file. This is fatal if later (other) SOAP clients require key pairs
not
> present in this JVM default store.
>
> Is there some way to tell AXIS2 1.4.1 to request another file for key
> store / trust store?
>
> Are there some JVM properties which can be used?
>
> Is there any possibility to achieve that via the magic Options object?
>
> Can this be achieved using the magic axis2.xml configuration file?
> (Again: Where is this file, or where is it looked for, and what is
> allowed to be inside?)
>
>
> Desperate,
> --
> Dipl.-Inform. Christian Gosch, PMI PMP
> Systems Architecture, Project Management
>
> inovex GmbH
> Büro Pforzheim
> Karlsruher Strasse 71
> D-75179 Pforzheim
> Tel: +49 (0)7231 3191-85
> Fax: +49 (0)7231 3191-91
> c.gosch@inovex.de
> www.inovex.de
>
> Sitz der Gesellschaft: Pforzheim
> AG Mannheim, HRB 502126
> Geschäftsführer: Stephan Müller
>
>
>
>
> !DSPAM:4b1ff09b326661456082889!
>
>