Posted to java-user@axis.apache.org by Rajendra <ra...@mahindrabt.com> on 2005/04/20 16:36:19 UTC

RE: Urgent > Client authentication fails for ssl for Axiswebservicwclient

Hi Alex,
  Thanks for your reply. Just to be clear, access to the web service over SSL is
working smoothly. Now
 I want to do two-way authentication, i.e. using a client certificate.
 Is HostNameVerifier a third-party utility, or is it provided by Java/Apache?

  Regards,
  Raj.


-----Original Message-----
From: Alexander Mischur [mailto:a.mischur@web.de]
Sent: Wednesday, April 20, 2005 7:54 PM
To: axis-user@ws.apache.org
Subject: Re: Urgent > Client authentication fails for ssl for
Axiswebservicwclient


Hi

If I understand SSL in Java right, you don't need a keyFile on the
client side.

Do you have a HostNameVerifier?

In my code I write this:

System.setProperty("javax.net.ssl.trustStore", trustFile);

HostnameVerifier hv = new HostnameVerifier() {
   public boolean verify(String urlHostName, SSLSession session) {
     logger.warn("URL Host: " + urlHostName + " vs. " + session.getPeerHost());
     // Returning true accepts every host name, so a mismatch between the
     // URL host and the certificate is only logged, never rejected.
     return true;
   }
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);

Now write the web service call.

I hope it will help you.

Regards,
Alex

Rajendra wrote:
> Hello all,
> I am new to PKI, but I have currently been assigned a task in this area. What I need to do
> is set up SSL over an Axis web service. I have configured Tomcat for SSL and it
> works fine for one-way SSL. But now I am trying client authentication and I
> have some problems.
> I have done the following steps:
> 1> Generate a Server Key and Certificate
> 2> Export the Server Certificate
> 3> Generate a Client Key and Certificate
> 4> Export the Client Certificate
> 5> Import the Certificates into the Keystores
>    (Reference: http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html)
>
> Now for client authentication I need to convert my client.cer into client.pfx,
> so I followed the steps given by you:
> 1> keytool -export -alias client.cer  -keystore client.cer  -file exported.crt
>
> 2> openssl x509 -out exported-pem.crt -outform pem -text -in exported.crt -inform der
>
> 3> javac ExportPriv.java (downloaded)
> 4> java ExportPriv client.cer  client.cer  <password> > exported-pkcs8.key
>
> 5> openssl pkcs8 -inform PEM -nocrypt -in exported-pkcs8.key -out exported.key
>
> 6> openssl pkcs12 -export -out exported.pfx -inkey exported.key -in exported-pem.crt
>
> So now when I try to call the Axis web service through my client, it
> gives me this error:
>
> java.net.SocketException: Software caused connection abort: recv failed
>
> My Axis client code is:
>
> 1> System.setProperty("javax.net.ssl.trustStore","C:\\Program Files\\Apache Group\\Tomcat 4.1\\webapps\\inteleakserver\\WEB-INF\\keystore\\client_keystore.keystore" );
>
> 2> System.setProperty("javax.net.ssl.trustStorePassword", "changeit" );
>
> 3> System.setProperty("java.protocol.handler.pkgs1","com.sun.net.ssl.internal.www.protocol");
>
> 4> System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Apache Group\\Tomcat 4.\\webapps\\inteleakserver\\WEBINF\\keystore\\exported.pfx" );
>
> 5> System.setProperty("javax.net.ssl.keyStorePassword", "changeit" );
>
> 6> System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
>
> Please help me find out where I'm making a mistake.
>
> Regards,
> Rajendra
>
>
> *********************************************************
> Disclaimer:
> The contents of this E-mail (including the contents of the enclosure(s) or attachment(s) if any) are privileged and confidential material of MBT and should not be disclosed to, used by or copied in any manner by anyone other than the intended addressee(s).   In case you are not the desired addressee, you should delete this message and/or re-direct it to the sender.  The views expressed in this E-mail message (including the enclosure(s) or attachment(s) if any) are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of MBT.
>
> This e-mail message including attachment/(s), if any, is believed to be free of any virus.  However, it is the responsibility of the recipient to ensure that it is virus free and MBT is not responsible for any loss or damage arising in any way from its use
>
> ********************************************************
>



Re: Urgent > Client authentication fails for ssl for Axiswebservicwclient

Posted by Alexander Mischur <a....@web.de>.
Hi Raj,

The HostnameVerifier comes with the J2SDK by default.
Here are the imports:
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;


I didn't understand the "why" correctly.
For more information, look at this thread for example:
http://forum.java.sun.com/thread.jspa?threadID=521779&tstart=30

Alex
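
Added example, not part of the original thread and not code from either poster: a pre-flight check that loads the PKCS12 client key store and the trust store named in the javax.net.ssl.* properties above and confirms that the .pfx really contains a private key with its certificate chain before the properties are set. The class name ClientStoreCheck and the command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Usage (file names and passwords are placeholders):
//   java ClientStoreCheck exported.pfx <keyPass> client_keystore.keystore <trustPass>
public class ClientStoreCheck {

    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) { // throws if the path is wrong
            ks.load(in, password);                          // throws on bad password or format
        }
        return ks;
    }

    // Counts entries that hold a private key plus a certificate chain,
    // i.e. entries the client could present when the server asks for a certificate.
    static int countClientIdentities(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (!ks.isKeyEntry(alias) || chain == null || chain.length == 0) {
                System.out.println("  " + alias + ": certificate only, no private key");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            leaf.checkValidity(); // throws if expired or not yet valid
            System.out.println("  " + alias + ": subject=" + leaf.getSubjectX500Principal()
                    + " issuer=" + leaf.getIssuerX500Principal());
            usable++;
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        KeyStore keys = load("PKCS12", args[0], args[1].toCharArray());
        System.out.println("Client key store " + args[0] + ":");
        if (countClientIdentities(keys) == 0) {
            throw new IllegalStateException("no private-key entry: nothing to present to the server");
        }
        KeyStore trust = load("JKS", args[2], args[3].toCharArray());
        System.out.println("Trust store " + args[2] + ": " + trust.size() + " entries");
        // Both stores loaded cleanly, so hand them to JSSE.
        System.setProperty("javax.net.ssl.keyStore", args[0]);
        System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
        System.setProperty("javax.net.ssl.keyStorePassword", args[1]);
        System.setProperty("javax.net.ssl.trustStore", args[2]);
        System.setProperty("javax.net.ssl.trustStorePassword", args[3]);
    }
}
```

The server's trust store must also contain the issuer printed for the client certificate, which this client-side check cannot see.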
