Posted to java-user@axis.apache.org by Christian Gosch <ch...@inovex.de> on 2009/12/09 19:45:48 UTC

How to configure SSL key store / trust store location to use for AXIS2 1.4.1 as SOAP/ssl client?

Hi,

how can I configure which SSL key store & trust store is used when AXIS2 
1.4.1 is the first running code requesting a SSL connection as a SOAP 
client in a given 1.4 JVM?


Problem: 

IBM WebSphere 6.0 (JDK/JRE 1.4.2) uses a defaultSSLSocketFactory which 
is a singleton and once it's initialized with some particular value, 
it'll be reused. (info from IBM L3)

If nothing special is said about what to do how, AXIS2 1.4.1 simply 
requests .../java/jre/lib/security/cacerts as key store & trust store 
file. This is fatal if later (other) SOAP clients require key pairs not 
present in this JVM default store.

Is there some way to tell AXIS2 1.4.1 to request another file for key 
store / trust store? 

Are there some JVM properties which can be used?

Is there any possibility to achieve that via the magic Options object?

Can this be achieved using the magic axis2.xml configuration file? 
(Again: Where is this file, or where is it looked for, and what is 
allowed to be inside?)


Desperate,
-- 
Dipl.-Inform. Christian Gosch, PMI PMP
Systems Architecture, Project Management

inovex GmbH
Pforzheim Office
Karlsruher Strasse 71
D-75179 Pforzheim
Tel: +49 (0)7231 3191-85
Fax: +49 (0)7231 3191-91
c.gosch@inovex.de
www.inovex.de

Registered office: Pforzheim
District Court (AG) Mannheim, HRB 502126
Managing Director: Stephan Müller




Re: How to configure SSL key store / trust store location to use for AXIS2 1.4.1 as SOAP/ssl client?

Posted by Thilina Mahesh Buddhika <th...@gmail.com>.
Hi,

You can set the trust store related system properties inside your client
code like below.

System.setProperty("javax.net.ssl.trustStore", "/path/to/trustStore");
System.setProperty("javax.net.ssl.trustStorePassword", "password");

Hope this helps.

Thanks.
/thilina

Thilina Mahesh Buddhika
http://blog.thilinamb.com



RE: How to configure SSL key store / trust store location to use for AXIS2 1.4.1 as SOAP/ssl client?

Posted by Christian Gosch <ch...@inovex.de>.
The source of the solution was:

http://osdir.com/ml/axis-user-ws.apache.org/2009-06/msg00307.html

The solution is to set up the following properties for the JVM:

javax.net.ssl.keyStore=<fully qualified path to keystore file>
javax.net.ssl.keyStoreType=<type of keystore, i.e, JKS>
javax.net.ssl.keyStorePassword=<keystore password>
javax.net.ssl.trustStore=<fully qualified path to truststore file>
javax.net.ssl.trustStoreType=<type of truststore, i.e, JKS>
javax.net.ssl.trustStorePassword=<truststore password>
javax.net.ssl.contextProvider=<provider, i.e. JSSE>


This is basically the same as depicted by Thilina Mahesh Buddhika: It 
can be achieved either by using the -Dpropname=propvalue pattern on the 
command line, by setting appropriate JVM startup properties using the 
administration interface of your choice or by explicitly setting that in 
the Java code.

Using system properties for the JVM may be more useful since this way it 
is guaranteed that the values are present from the time the JVM starts. 
This is difficult to achieve with explicit Java in a J2EE environment. 

Regards,
Christian
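
Added example, not part of the original thread and not Axis2 or WebSphere code: a startup check that reads the javax.net.ssl.* properties listed above and confirms the key store and trust store actually load and contain usable entries, before the singleton default SSL socket factory is first initialized. The class name SslStoreCheck and the method inspect are hypothetical; the syntax is kept to what a JDK 1.4 compiler accepts.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Enumeration;

public class SslStoreCheck {

    // Loads the store named by the given javax.net.ssl.* property prefix and
    // returns {private-key entries, trusted-certificate entries}.
    static int[] inspect(String prefix) throws Exception {
        String path = System.getProperty(prefix);
        if (path == null) {
            throw new IllegalStateException(prefix + " is not set");
        }
        String type = System.getProperty(prefix + "Type", KeyStore.getDefaultType());
        String password = System.getProperty(prefix + "Password");
        KeyStore store = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try {
            // A null password loads a JKS file without verifying its integrity.
            store.load(in, password == null ? null : password.toCharArray());
        } finally {
            in.close();
        }
        int keys = 0, certs = 0;
        for (Enumeration e = store.aliases(); e.hasMoreElements();) {
            String alias = (String) e.nextElement();
            if (store.isKeyEntry(alias)) keys++;
            else if (store.isCertificateEntry(alias)) certs++;
        }
        return new int[] { keys, certs };
    }

    public static void main(String[] args) {
        try {
            int[] k = inspect("javax.net.ssl.keyStore");
            int[] t = inspect("javax.net.ssl.trustStore");
            System.out.println("keyStore:   " + k[0] + " private-key entries");
            System.out.println("trustStore: " + t[1] + " trusted certificates");
            if (k[0] == 0) throw new IllegalStateException("keyStore holds no private key");
            if (t[0] + t[1] == 0) throw new IllegalStateException("trustStore is empty");
        } catch (Exception ex) {
            System.out.println("FAIL: " + ex);
            System.exit(1);
        }
    }
}
```

Run it with the same -D options as the application JVM. Values passed as -D arguments, including the store passwords, are visible to anyone who can read the process's command line.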


